In Chrome, I get the following when trying to use the remote follow form:
Refused to send form data to 'https://example.com/remote_follow'
because it violates the following Content Security Policy directive:
"form-action 'self'".
It seems some browsers (but notably not Firefox) apply the form-action
policy to the redirect target in addition to the initial form
submission endpoint. See:
https://github.com/w3c/webappsec-csp/issues/8
In that thread, this workaround is suggested.
While this option is not used anywhere in microblog.pub itself, some
other servers do occasionally use it when showing remote profiles.
Also, this image _can_ be used in microblog.pub - just add this:
<img src="{{ local_actor.image_url }}">
in the appropriate place of your template!
I'd like to customize my instance's theme beyond what's possible with
_theme.scss. This patch would allow me to do that, and keep my changes
self-contained in data/ without maintaining a local patchset over
app/templates/.
For utils.html, I've also added scoped blocks around the body of every
macro. This allows the macros to be overridden individually in
data/templates/utils.html, without copying the whole file. For example,
to only override the display of a specific actor's name/icon:
{% extends "app/utils.html" %}
{% block display_actor %}
{% if actor.ap_id == "https://me.example.com" %}
<!-- custom actor display -->
{% else %}
{{ super() }}
{% endif %}
{% endblock %}
