
Fullscreen button 404s

Open mcous opened this issue 4 years ago • 5 comments

Hello again!

Just wanted to file a little issue noting that the fullscreen button on flems.io is currently 404-ing on an NGINX page. When I click on the button, it tries to take me to https://p.flems.io/ with no state hash.

(Happening to me on Firefox v75 and Chrome v81 on macOS, just FYI)

mcous avatar Apr 23 '20 16:04 mcous

Yeah it's unfortunately because someone used it to create phishing sites. I had to take it down until I've got time to solve it because Cloudflare and browsers blocked it with their anti-phishing protection.

porsager avatar Apr 23 '20 18:04 porsager

Ugh this is why we can't have nice things.

In the meantime, if I'm embedding a flems.io link via an iframe, is there any way to remove the full screen button without removing the toolbar entirely?

mcous avatar Apr 23 '20 20:04 mcous

Yeah! Just what I thought :-/

Ah right, that should be documented in the README too :) It's fullscreenButton: false.

Also, as you probably know, you can use all the same options as for the flems core library.

porsager avatar Apr 23 '20 20:04 porsager

Fantastic! I can throw together a README update PR if that's at all helpful.

Feel free to close this issue if you'd like (or keep it open if it's helpful for tracking). My needs are met with the fullscreenButton configuration setting.

mcous avatar Apr 23 '20 21:04 mcous

Nice, yeah a PR would be great! Thanks 😊 Let's close this issue with the PR then

porsager avatar Apr 23 '20 21:04 porsager

Aside from hiding, other options for the fullscreen button are:

  • actually use the Fullscreen API (not any more useful than collapsing the editor and F11 tho)
  • open a tab working on the same principle as the iframe - with the content not as a URL hash, but passed to it via postMessage so it is not externally hotlinkable and abusable.
  • as suggested in #30, have a splash/info screen before loading the preview so it is hotlinkable but not usable for phishing; possibly skipped if the opener is confirmed to be https://flems.io via e.g. the origin of a postMessage event

anonghuser avatar Dec 13 '22 23:12 anonghuser
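
The postMessage hand-off with an origin check suggested in the last comment, combined with the splash screen for hash-loaded state, as an added example that is not part of the thread or of the flems code. The message shape (`type`, `state`) and all function names are assumptions; only the origin https://flems.io comes from the thread.

```javascript
// Added example, not flems code. TRUSTED_ORIGIN is the origin named in the thread;
// the message shape ({type, state}) and all function names are assumptions.
const TRUSTED_ORIGIN = 'https://flems.io';

// Decide what the preview tab does with one incoming MessageEvent.
function decidePreview(event, opener) {
  // Exact comparison: prefix or substring checks would accept look-alike
  // origins such as https://flems.io.example.
  if (event.origin !== TRUSTED_ORIGIN) return { action: 'ignore' };
  // The sender must also be the window that opened this tab.
  if (!opener || event.source !== opener) return { action: 'ignore' };
  const data = event.data;
  if (!data || data.type !== 'flems-state' || typeof data.state !== 'string') {
    return { action: 'ignore' };
  }
  return { action: 'render', state: data.state };
}

// State that arrives in the URL hash is hotlinkable, so it only ever gets the
// splash screen; no hash means wait for the opener to post the state.
function decideOnLoad(hash) {
  return hash && hash.length > 1
    ? { action: 'splash', state: hash.slice(1) }
    : { action: 'wait' };
}

// Browser wiring: call install(window, render, showSplash) in the preview page.
function install(win, render, showSplash) {
  const first = decideOnLoad(win.location.hash);
  if (first.action === 'splash') showSplash(first.state);
  win.addEventListener('message', (event) => {
    const decision = decidePreview(event, win.opener);
    if (decision.action === 'render') render(decision.state);
  });
  // Announce readiness with an explicit targetOrigin, never '*', so the
  // handshake is only delivered if the opener really is the trusted origin.
  if (win.opener) {
    win.opener.postMessage({ type: 'flems-preview-ready' }, TRUSTED_ORIGIN);
  }
}
```

A tab opened with `noopener` has no `window.opener`, so in this sketch it can only ever reach the splash path.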