#Loqi[jacky] okay needing some feedback from people who add weather and location info to posts: would it make sense for a Micropub editor to allow for one to add multiple locations / weather bits?
#LoqiA quotation is a type of response post that is primarily a subset of the contents of another post, and often has a citation of that other post https://indieweb.org/quotations
#vika_nezrimayajacky: oo, wow, content warnings! Did you come up with this idea independently or grabbed it from the previous versions of my software? It definitely had content warnings at some point!
#jackythere's a discussion about adding it as a MF2 property! :)
#@kisik21I think IndieWeb needs more content warning like in mastodon. I propose `p-content-warning` for this and I'll try to implement this at least on my own website. (twitter.com/_/status/1073535641919647744)
#Loqivika_nezrimaya has 4 karma in this channel over the last year (9 in all channels)
#vika_nezrimayai'm feeling good right now because even though my website is down I'm doing something great by participating in IndieWeb and Microformats standartization!
#petermolnar!tell [tantek] re disaled stylesheets: on <style> elements <style disabled> doesn't seem to work, but it does trigger with JS e.disabled = true; I'm still trying to make sense of it...
#Zegnatpetermolnar: `<style media="not all">` is valid per the nuhtml checker and my reading of the MQ spec. At least in Firefox it also seems to correctly disable the CSS within the style element.
#ZegnatSo that is probably the "correct" way of saying none
#petermolnarthing is, following the html 4.01 specs was a breeze; trying to find the current, working documentation for these kinds of edge cases is surprisingly hard these days
#ZegnatI find CSS specs to be somewhat hard to follow because of all the modules. But in a lot of cases the HTML spec will actually link you to the things you want to read, in my experience.
[jgmac1106], leg, zootella_, shakeel, Rixon, Zegnat, swentel, deathrow1, swentie, [tw2113], geoffo and dckc joined the channel
#Zegnatdisabled is not an attribute on the style element at all, if I look at the HTML spec, [tantek]. So might have been dropped somewhere along the way
#[tantek]Zegnat more likely forgotten. Odd to have that inconsistency between style and link elements
#[tantek]I probably implemented it at the time because it made sense, and couldn’t get it changed in HTML4 which was already done, and then never got around to it years later when HTML5 was first published
[fluffy] joined the channel
#ZegnatHTML spec is fairly specific about the fact that the disabled flag is always set to its default value when a <style> element is parsed. Nothing about setting it, sadly. It does not even seem to exist in the DOM definition of the element, only exists in the CSSOM definition of Stylesheet. So it is very easy to set with JavaScript, but that is of course *after* the browser has already done the initial parse.
#ZegnatI do admit "not all" is a bit of a hack, but a very straightforward one at it, hehe
#petermolnarthat's exactly what media queries are for
#petermolnarand those who can't parse media queries will interpret it as bad, so they'll throw it a away
[KevinMarks] and ketudb joined the channel
#Zegnatjacky: are you still running everything for your site through Dokku? I am looking for a thing to manage what I run on my server, and the idea that something that overs one-click-Heroku-deploy might be able to also be self-hosted is intriguing to me.
#ZegnatAny tips on getting started with it? I was thinking just getting a cheap VPS at a standard hosting provider and giving it a try.
#ZegnatThere was a project I wanted to try (https://github.com/strapi/strapi) that seems to have an Heroku template. So would be even better if I could get it setup on a short timespan. And I think it might encourage me to make all my own projects one-click-deployable too, where possible.
#Loqi[strapi] strapi: 🚀 Open source Node.js Headless CMS to easily build customisable APIs
#ZegnatI am not sure how important a GUI installer is for me specifically. Because I would not go through the trouble of getting my own code accepted into it, I think.
#LoqiIndieWebKit is a Swift library that provides client APIs for interacting with IndieAuth, Micropub, and Microsub from apps in the Apple ecosystem https://indieweb.org/IndieWebKit
#[tantek]Hmm, sorta? For some of those, WebSub is more appropriate, e.g. as broader notifications to any parties interested (that you might not even know about).
justache joined the channel
#[schmarty]aaronpk: indieauth.spec.indieweb.org does not mention PKCE (because it was published before that spec was a REC, i imagine). maybe a silly question but is it "cool" to have an auth endpoint support PKCE? seems like the token endpoint (if they're not the same) would need to know to pass long the values?
#aaronpkyeah i want to do a revision of indieauth that includes PKCE
#aaronpkPKCE is already an OAuth extension, so it's definitely possible to also do PKCE with indieauth right now
#aaronpkOAuth 2.1 includes PKCE by default, so after that's a bit farther along I'll probably write up an IndieAuth 1.1 that extends OAuth 2.1, whereas the current IndieAuth extends OAuth 2.0
#[schmarty]i think supporting it for authentication flow is pretty straightforward for an auth endpoint. for an authorization token i only see the wrinkle that the token endpoint needs to recognize and pass along the nonce.
#aaronpk(code verifier, not nonce. nonce is from openid connect)
#[schmarty]oops thanks. hazards of working from memory rather than looking at the dang spec. yes the code verifier!
#aaronpkyeah i'd have to think through how our separation of token endpoint and authorization endpoint affects that
[Jose_Leiva] joined the channel
#[Jose_Leiva]given that https://ownyourgram.com/ is not accepting new accounts, what’s a good alternative?
#LoqiPKCE, Proof-Key for Code Exchange, (pronounced "pixie") is an extension to OAuth 2.0 that protects against intercepted authorization codes during the OAuth flow https://indieweb.org/PKCE
[jgmac1106] and [schmarty] joined the channel
#vika_nezrimayaReturning to a year-old codebase: launching a new venv, pip install -r requirements.txt, python -m pytest... 14 errors. Then remembering that I was on a feature branch, switching back to master, all tests are green :3
#vika_nezrimayajacky: oh, this PKCE thing is nice, and already has support, I might need to implement it
#@kevinmarks↩️ We have this in #indieweb
1. Verify domain url and bidirectional rel=me links
2. Links from domain url to email to send token (or webfist to reverse)
3. Use webmentions instead
4. This is harder, but once you can verify domain ownership you can limit by it. (twitter.com/_/status/1281710717960413185)
#GWGaaronpk: Would you document what might be in IndieAuth 1.1 so we can be ahead of the curve?
#aaronpkthe goal would be to follow the current oauth best practices, which are being collected in oauth 2.1, extending it with what we need for indieauth
#GWGaaronpk: What about expiring tokens? Do we have any outstanding items we might want to put in?
#aaronpktechnically nothing is stopping anyone from currently implementing tokens that expire
#GWGaaronpk: Understood, just looking to get something started.
sp1ff joined the channel
#GWGThus reminding everyone that we have popup proposals to consider
[fluffy] and strugee joined the channel
#jmacHi folks... helping another friend debug their Microformats (not that they've asked for my help yet, but they sent me a webmention so they're getting it anyway). Am I right that http://pin13.net/mf2-dev/?id=20200710234939260 isn't a well-formed "in-reply-to" because that property appears one level too deep? That is, it's a property of an h-cite within an h-entry, and not the h-entry directly?
#KartikPrabhujmac: it is a well-formed reply. But the reply post is the h-cite not the h-entry
#KartikPrabhuan fix is to do the following: add a "in-reply-to" directly to the h-cite, and change the "u-in-reply-to" to a "u-url"