We previously shared that we’re releasing a public web view soon so that you can view Bluesky posts without being logged in.
The upcoming release will not have the public web view enabled yet, but it will have a tool to opt out of it.
More details in this thread 🧵
Exciting news: We’re taking another step to making Bluesky an open network for public conversations.
Around the end of this month, we’ll release a public web interface. With this, you’ll be able to view posts on Bluesky without being logged in on an account.
Remember, your posts, profile, and likes are all public data. But sometimes, added friction matters. This opt-out tool will only affect the logged-out view of the Bluesky app (bsky.app), but we recommend other apps on the open network respect the setting as well.
you can do that here:
https://skychat.social/#search
If you log in, there'll be a toggle to search only your posts.
If you don't log in, type "from:yourhandle.bsky.social stuff"
If you are on iOS then you can install Skychat directly from the website. So, go to https://skychat.social in Safari, then click the share button at the bottom and select "Add to Home Screen". Then it will work like any other app.
See https://www.youtube.com/shorts/QMsncxVM48c
It’s actually very similar to how Twitter worked early on. The community was able to build things that the actual Twitter devs hadn’t had time to yet. A lot of the early cool things happened that way.
No, I did not. After 30+ years in IT I'd kick myself if I did that. 🤣
However, the problem is solved. Upper case "F", which is keyboard default for first letter, fails. It is case-sensitive.
is it an intended feature to load anything from the /api/html endpoint? csp prevents xss, but phishing pages and arbitrary redirects are still possible right?
skychat.social/api/html?url...
Good catch. It's only used to proxy requests to tenor and imgur to get the meta tags on the client. This basically figures out the width/height and video URL of GIFs on those sites. These values are injected into video and style attributes on a
i figured since notion does something similar, and it's filtering for all localhost iterations i know of, local files, and cloud metadata uri, that a lot of the ssrf risks are largely mitigated
Still, thanks for taking a look and alerting me. I'm definitely not an infosec guru, I tried my best with the most locked-down CSP possible given the app requirements.
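The exchange above is about a proxy endpoint that only needs to reach tenor and imgur. As an added example (not part of the thread and not Skychat's code), here is a server-side allowlist check that also re-validates each redirect hop; the exact host list, the redirect limit and all function names are assumptions.

```javascript
// Added example (not Skychat's code). Host list and names are assumptions.
const ALLOWED_HOSTS = new Set(["tenor.com", "www.tenor.com", "imgur.com", "i.imgur.com"]);
const MAX_REDIRECTS = 3;

// Decide whether the proxy may fetch rawUrl. Allowlisting the two sites the
// proxy exists for replaces any blocklist of localhost/metadata addresses.
function checkProxyTarget(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme" };
  if (url.username || url.password) return { ok: false, reason: "credentials" };
  if (url.port !== "") return { ok: false, reason: "port" };
  // WHATWG URL parsing has already lowercased and IDNA-normalised the hostname.
  if (!ALLOWED_HOSTS.has(url.hostname)) return { ok: false, reason: "host" };
  return { ok: true, url };
}

// Fetch server-side (Node 18+), re-validating every redirect hop so an allowed
// host cannot bounce the proxy to an internal or attacker-chosen address.
async function fetchMeta(rawUrl, fetchImpl = fetch) {
  let next = rawUrl;
  for (let hop = 0; hop <= MAX_REDIRECTS; hop++) {
    const verdict = checkProxyTarget(next);
    if (!verdict.ok) throw new Error(`blocked (${verdict.reason}): ${next}`);
    const res = await fetchImpl(verdict.url.href, { redirect: "manual" });
    if (res.status < 300 || res.status >= 400) return res;
    const location = res.headers.get("location");
    if (!location) throw new Error("redirect without Location header");
    next = new URL(location, verdict.url).href;
  }
  throw new Error("too many redirects");
}

// Constructed sample inputs, not taken from the thread.
const SAMPLES = [
  "https://tenor.com/view/example-gif-1",
  "https://tenor.com.example.net/view/1",
  "https://imgur.com@localhost/",
  "file:///etc/passwd",
];
for (const s of SAMPLES) console.log(s, "->", checkProxyTarget(s).reason ?? "allowed");
```

Returning only the extracted width, height and video URL to the client, rather than the fetched HTML, would also cover the phishing-page concern raised in the thread.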