# I am the Watcher. I am your guide through this vast new twtiverse.
# 
# Usage:
#     https://watcher.sour.is/api/plain/users              View list of users and latest twt date.
#     https://watcher.sour.is/api/plain/twt                View all twts.
#     https://watcher.sour.is/api/plain/mentions?uri=:uri  View all mentions for uri.
#     https://watcher.sour.is/api/plain/conv/:hash         View all twts for a conversation subject.
# 
# Options:
#     uri     Filter to show a specific users twts.
#     offset  Start index for quey.
#     limit   Count of items to return (going back in time).
# 
# twt range = 1 9
# self = https://watcher.sour.is/conv/peqf4kq
sorenpeter
darch.dk
View Thread
I think is part of the code by @eapl.me that I have based my project on. So try to ask him.
sorenpeter
darch.dk
View Thread
I think is part of the code by @eapl.me that I have based my project on. So try to ask him.
sorenpeter
darch.dk
View Thread
I think is part of the code by @eapl.me that I have based my project on. So try to ask him.
sorenpeter
darch.dk
View Thread
I think is part of the code by @eapl.me that I have based my project on. So try to ask him.
eapl.me
eapl.me
View Thread
hey @mckinley !

Perhaps your VPN or an extension is injecting some kind of verification before using the site?

The original development doesn't use JavaScript at all, and has 2 cookies for session managing, short term for guests and long term for the admin (perhaps that has to be changed with current European regulations, not sure)

@darch you could add HTTPS to your site to avoid external services injecting JS to the HTML. I bought a SSL certificate for my shared hosting, sadly it doesn't support Let's Encrypt.

But if an extension is doing that, I think there is not much to do from our side.
eapl.me
eapl.me
View Thread
hey @mckinley !
xuu
txt.sour.is
View Thread
@eapl.me are ISPs still injecting code into HTTP in this the year 2023? I remember getting notices that my comcast modem is out of date pushed into websites back a decade ago.
xuu@dev.txt.sour.is
dev.txt.sour.is
View Thread
@eapl.me are ISPs still injecting code into HTTP in this the year 2023? I remember getting notices that my comcast modem is out of date pushed into websites back a decade ago.
mckinley
twtxt.net
View Thread
@eapl.me There is HTTPS but it doesn't seem to be enforced. My browser always connects with TLS if it's available and the message is present with or without TLS or extensions, even when using cURL. I would notice if my VPN service injected things like this because I disable JavaScript and cookies by default. I think it's unlikely I'm being MiTMed because the certificate is definitely from Let's Encrypt. Also, I don't see the point in MiTMing me just to put a JavaScript challenge on someone's personal website.

I still think it's a hosting provider thing. It doesn't really matter to me, I'm just curious.