Visiting https://instance1.com/instance2.com bypasses forced instance
Not sure if this is by design, but the client can add a different instance to the end of the URL and browse using a different instance.
For example: https://a.lemmy.dbzer0.com/lemmy.world

This shows lemmy.world's local communities, icons and sidebar.
likely doesn't have the .env variable ALEXANDRITE_FORCE_INSTANCE, but do have ALEXANDRITE_FORCE_INSTANCE set
What is the difference, am I being dumb?
On my instance, I've set the environment variable via docker-compose.yml, yet I can use other instances as described.
It's been a while since I have touched that part of the code, but I just looked through it again. Looks like forced instance mode prevents you from logging into an account on another instance, but all links within the app should keep you on that instance. It doesn't prevent you from manually editing the URL to view a different instance, but if you're there it won't let you log in.
I do want to change it eventually so if you're using forced instance the instance isn't in the URL, but I've not gotten around to it yet. See #88
@etymotic The reason accessing lemmy.world through your server doesn't work is because your Content Security Policy settings are blocking requests to lemmy.world.
When your project gets so big that some parts start to need to be relearned :)
Thanks for checking. I'll get the reverse proxy to police it for now.
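
One way a reverse proxy could make that decision, as an added example that is not part of the thread or of Alexandrite's code. It assumes the first path segment names the instance, as in the URL at the top of the issue; `FORCED_INSTANCE`, `STATIC_FILES` and the function names are hypothetical.

```javascript
// Constructed values for illustration; set these to match your deployment.
const FORCED_INSTANCE = "lemmy.example";
// Root-level files that look like hostnames but are not (assumed list).
const STATIC_FILES = new Set(["favicon.ico", "robots.txt", "manifest.json"]);

// Dot-separated DNS-style labels; also matches dotted IPv4 literals.
const LABEL = "[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?";
const HOST_RE = new RegExp("^" + LABEL + "(\\." + LABEL + ")+$");

// Decode and canonicalise a path segment so encoded or differently-cased
// spellings of a hostname compare equal. Returns null on bad encoding.
function normalizeHost(segment) {
  let host;
  try {
    host = decodeURIComponent(segment);
  } catch {
    return null;
  }
  return host.toLowerCase().replace(/:\d+$/, "").replace(/\.$/, "");
}

// Decide whether a request path stays on the forced instance.
function checkPath(pathname, forced = FORCED_INSTANCE) {
  const first = pathname.split("/").filter(Boolean)[0];
  if (first === undefined) return { allow: true, reason: "no instance segment" };
  const host = normalizeHost(first);
  if (host === null) return { allow: false, reason: "malformed encoding" };
  if (STATIC_FILES.has(host)) return { allow: true, reason: "static file" };
  if (!HOST_RE.test(host)) return { allow: true, reason: "not a hostname" };
  if (host === forced.toLowerCase()) return { allow: true, reason: "forced instance" };
  return { allow: false, reason: "other instance: " + host };
}

// Constructed sample requests.
for (const p of ["/", "/lemmy.example/c/main", "/lemmy.world", "/lemmy%2Eworld", "/settings"]) {
  console.log(p, JSON.stringify(checkPath(p)));
}
```

Normalising before comparing matters here: a filter that matches the raw path would miss percent-encoded, upper-case, port-suffixed or trailing-dot spellings of another instance's hostname.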