windwarrior
@windwarrior
-.-"
lye
@lye
yeah but here's the catch
the native messaging API requires a hardcoded whitelist of 2nd-level domains
so you can't do "*" or "*.com"
so each bloody application would need its own extension for each browser
it's so stupid
windwarrior
@windwarrior
*.gw2apps.com?
lye
@lye
the only real solutions are (1) require all sites served over HTTPS to use HTTP, or (2) proxy websocket traffic through an SSL ANet server or (3) use a CF-style SSL challenge oracle to provide SSL in-client
David Reeß
@queicherius
This is pretty dumb. I love when bugreports get answered with "lol sucks for you, do it in this shitty way".
lye
@lye
right that'd be (2) or (3) which extends the development time by at least a month
I really don't get why localhost is unprivileged; CORS (which WS supports) should fix that perfectly fine
why do I care about mixed-content when it's not going across a network
that's literally the only time you care about mixed-content, when parts may be sent over a network unencrypted
I'm really upset.
sorry.
windwarrior
@windwarrior
well, constructively, you can maybe present the chromium developers with your reasoning
Pat Cavit
@tivac
based on past experience that's unlikely to change anything
lye
@lye
it's not chromium, it's the standards body
in that issue they're basically saying "the standard requires this"
and even if I had a magic wand to get the standards changed
that would still push the timeline back years
windwarrior
@windwarrior
right
lye
@lye
I'm gonna try running the CF-style SSL challenge oracle by some server people at some point; I have a feeling they'll say "that's insane let's avoid that" because it's kind of insane
windwarrior
@windwarrior
what's CF-style? I haven't heard about it yet
lye
@lye
basically how cloudflare handles SSL if you don't want to give them your key
you provide a challenge oracle which their servers use to start SSL connections with your key
it's basically the same thing as giving them the key, but you can revoke it a lot easier than with CRLs and OCSP stapling
because both of those are an absolute cluster
because TLS is an absolute cluster
(revocation with a challenge oracle is as simple as just turning off the challenge oracle)
windwarrior
@windwarrior
awesome, was looking for that
lye
@lye
IMO it's kind of stupid; it's just to get around stupid bureaucratic issues w.r.t key handling
anyway if anyone's got a better idea let me know
because this is still something I'd love to see happen despite the internet-only nearsightedness of the standards committee
darthmaim
@darthmaim
add local.api.guildwars2.com -> 127.0.0.1 to /etc/hosts and have a valid cert for it :fire:
lye
@lye
it would have to be on a subdomain
not on a subdomain, on a completely different domain
like *.lyesgw2api.com
there's too much fishy business you can get into with CORS and a valid cert for a subdomain
because the web is a goddamn tinderbox
and we should burn it to the ground
https://www.youtube.com/watch?v=hUOzEthA_yU
(to remove the not-quite-NSFW thumbnail)
David Reeß
@queicherius
thanks for that link, TIL
lye
@lye
Archer is a really good show.
David Reeß
@queicherius
I want a "sadface" smiley reaction on github. Not a "confused" one. :<
Eearslya Sleiarion
@Eearslya
I don't suppose a long-polling webserver embedded in the GW2 client would be much better
lye
@lye
@queicherius we could repurpose :laughing: to mean crying but it would be non-obvious.
@Eearslya AFAIK it doesn't fix the mixed-content issue