zlacker

[return to "Had a call with Reddit to discuss pricing"]
1. danije+KI[view] [source] 2023-05-31 20:27:25
>>robbie+(OP)
The web went in the wrong direction when we abandoned the initial concepts of user agents, which was that the browser has the ultimate choice of what to render and how. That concept, transferred to today's world of apps would simply mean that any client like Apollo is essentially a browser locked on Reddit's website, parsing HTML (which has the role of an API) and rendering the content in a native interface. As long as the user can access the HTML for free, they should be able to use any application (a browser or a special app) and render the content however they wish.

Unfortunately with today's SPA apps we don't even get the HTML directly, but with the recent resurgence of server-side rendering we may soon be able to get rendered HTML with one HTTP request. And then the only hurdles will be legal.

◧◩
2. DaiPlu+TU[view] [source] 2023-05-31 21:31:12
>>danije+KI
> Unfortunately with today's SPA apps we don't even get the HTML directly

It works the other way: with today's SPAs the API (that powers the frontend) is exposed for us to use directly, without going through the HTML - just use your browser's devtools to inspect the network/fetch/XHR requests and build your own client.

-----

On an related-but-unrelated note: I don't know why so many website companies aren't allowing users to pay to use their own client: it's win-win-win: the service operator gets new revenue to make-up for the lack of ads in third-party clients, it doesn't cost the operator anything (because their web-services and APIs are already going to be well-documented, right?), and makes the user/consumer-base happy because they can use a specialized client.

Where would Twitter be today if we could continue to use Tweetbot and other clients with our own single-user API-key or so?

◧◩◪
3. jakear+jB1[view] [source] 2023-06-01 03:21:18
>>DaiPlu+TU
CORS ruined this pipe dream. Ideally you’d be able to tell your browser that website X loading content from site Y was a-okay and exactly what you want to happen because site Y is user-hostile and site X addresses all those issues, but alas.

Now the only way to access site Y is by a) routing all your data through some third party server, or b) installing a native application which has way more access to your machine than the web app would.

Some days you gotta wonder if anyone on the web committees has any interest in end-users.

◧◩◪◨
4. rtpg+3M1[view] [source] 2023-06-01 05:37:20
>>jakear+jB1
I understand what you're saying, but plenty of websites resolve this by having an in-browser OAuth flow, and then working off of an API. It's not like APIs are asking for CORS stuff in general, just cookie auth to the third party server requires CORS.

If a third-party webapp wanted to access Reddit, an auth flow that gets API tokens from it and then stories those for usage gets this working (in the universe in which Reddit wants this to happen of course). You still get CORS protection from the general drive-by issues, and you'll need an explicit auth step on a third party site (but that's why OAuth sends you to the data provider's website to then be redirected)

◧◩◪◨⬒
5. jakear+XY1[view] [source] 2023-06-01 08:23:11
>>rtpg+3M1
I don’t think you do get what I’m saying. If an Origin wants to be accessed by other Origins there are plenty of ways to do that, that much should be obvious.

I’m talking about the case when the User wants origin A to render data origin B has, but origin B doesn’t want that. You’d expect the User Agent to act on the User’s behalf and hand B’s data to A after confirming with the User that is their intention.

But instead the User Agent totally disregards the User and exclusively listens to origin B. This prevents the User from rendering the data in the more accessible/secure/privacy-preserving/intuitive way that origin A would have provided.

Strange to see all the comments arguing that in fact the browser ought to be an Origin Agent.

[go to top]