SneedChat Complaint Thread

  • 🐕 I am attempting to get the site runnning as fast as possible. If you are experiencing slow page load times, please report it.
Hello, I can't connect to general at all. Other chats seem to be fine
Oh well nevermind. Account too new
 
Lolek said:
Hello, I can't connect to general at all. Other chats seem to be fine
Oh well nevermind. Account too new
Click to expand...
is this why I can't connect to the general chat?

The only other active one seems to be kino casino?

I thought it was for PPP and Warski.... but uh...
 
keep getting "failed to send message." in all chats,,, I tried on different devices, same result. Im too retarded with technology is this just due to my shitty wifi??
 
I notice that there is a chat room I cannot access when I join a chat from the chat tab. Why is that? I presume it's a lot more active than any of the other chat rooms that I can view and participate in.
 
Sneedchat failing to load for me on refresh - was working before the rollback.
 
I'm being told I can't use sneed chat. It says "you can not send messages" the thing is my account is old enough to chat in any chat room and nobody banned me, if they did then I wasn't notified
 
1733522994723.png

It leaves br's behind when phoneposting and sending a message with a trailing space.
 
Sneedchat needs to be permanent since some people TMI in an embarassing manner not fit for a publically accessible forumn. It’s really cringe.
 
@Null idk if it's appropriate to tag you or not (thread is old so you might've unsubscribed or something), but im really tired of having ppl shame me for using catbox.moe which is like the only god damn allowed img provider with API access*

* while making of this post I learned you added qu.ax at some point which DOES have an API so that's good, but since I already started I might as well finish

here's what the current Content-Security-Policy header looks like:
Content-Security-Policy: frame-src 'none'; object-src 'none'; connect-src 'self' wss:; img-src 'self' data: no-cookie.kiwifarms.st uploads.kiwifarms.st kiwifarms.st files.kick.com litter.catbox.moe files.catbox.moe catbox.moe i.postimg.cc i.ibb.co images2.imgbox.com qu.ax

1. the CSP doesn't include KF's mirrors, so ppl on Tor cannot see when ppl post an uploads.kiwifarms.st img (same applies to the reverse though the user would need to be connected to Tor and have onion links proxied through it or something).
  • you could add all the mirrors to the CSP header, but ppl on clearnet still won't be able to see onion embeds unless they're autism enough to set up onion retrieval on their router or clearnet browser (like me lol)
  • a better approach might be to have have sneedchat transform the img links to whatever mirror they're currently connected to
2. given you now have KF download all embeds and strip them of extra data anyway, just how necessary is having this whitelist anyway?
  • if it's for some security reason, it might actually be a good idea to remove the catbox and qu.ax options since they don't strip image files in any way, and who knows, there may be another insane webp exploit eventually
  • the list of whitelisted hosts is p damn short all things considered, I don't like or use imgur anymore but I'm not sure there's any point in restricting it given they strip images and the images are auto-proxied (maybe imgur is blacklisting KF IPs or something?)
3. If you do still need the whitelist, here's some possible additions:
  • i.imgur.com
    • (see above)
  • cdn.discordapp.com
    • these days they have auth parameters in the URL to prevent long-term hotlinking (which shouldn't be an issue for the image proxy if it's still valid)
    • This private information is unavailable to guests due to policies enforced by third-parties.
  • i.vgy.me
    • vgy.me is a little-known image provider that has been around for over 10 years now, they offer free REST API access to registered users plus they allow unregistered ppl to use jQuery-based or PHP-based file uploaders (source)
  • shared.fastly.steamstatic.com
  • avatars.fastly.steamstatic.com
  • images.steamusercontent.com
  • steamusercontent-a.akamaihd.net
    • these are all the CDNs Steam uses that I know of (yes I know the last one looks sketchy but it's legit, usually used for screenshots but there are cheeky ways to upload non-screenshots to it)
  • pbs.twimg.com
    • xitter's CDN, if you want the image proxy to always get the original you can modify the name parameter to orig and fall back to the unmodified URL if that doesn't work
  • (?) cdninstagram.com
    • instagram has like a billion different subdomains for their CDN so if you need to set subdomains explicitly for your setup then this might not be a good option
okay this took like a billion years longer than I thought it would but it's done ilu goobye

EDIT: P.S. I'M SORRY TO ALL NIGGERS FOR USING BLACKLIST & WHITELIST! I SHOULD'VE WENT WITH ALLOWLIST & BLOCKLIST, I'M NOT RACIST I SWEAR!!
 
Last edited:
white list is important and not being removed. will work on it later. not doing any of that shit. will just rewrite kf urls in chat.
 
Null said:
white list is important and not being removed. will work on it later. not doing any of that shit. will just rewrite kf urls in chat.
Click to expand...
ok pls add i.vgy.me tho, there's no caveats w/ that, the Steam ones should also be fine too but vgy.me is the important one imo
 
This isn't about sneedchat itself but is a minor formatting thing, on mobile random.txt is displayed when you open sneedchat which wastes screen space and didn't used to be displayed.
 
You must log in or register to reply here.
Back