neuromatchacademy / mastodon

This project forked from glitch-soc/mastodon


A glitchy but lovable microblogging server

Home Page: https://glitch-soc.github.io/docs/

License: GNU Affero General Public License v3.0

Shell 0.03% JavaScript 38.09% Ruby 47.41% CSS 0.01% HTML 0.13% Dockerfile 0.16% Haml 3.35% SCSS 7.73% Procfile 0.01% TypeScript 3.08% Assembly 0.01%

mastodon's Issues

The Filter Duplicate Boosts from local TL feature is filtering non-duplicate boosts as well

Steps to reproduce the problem

  1. I boosted this post: https://scholar.social/@researchfairy/111840719521713968
  2. It appeared on the local TL and then disappeared on refreshing even though there are no other boosts of the same post.
  3. The boost appears on my profile though.
  4. Similar case with this post: https://mastodon.social/@koen_hufkens/111840494469557835 that El had boosted.
  5. I saw the same thing happen earlier with a post from mastodon engg account. We tested this with @sneakers-the-rat and it appeared on the local TL only after Jonny boosted it, I unboosted the post and reboosted.
    ...

Expected behaviour

Only duplicate boosts should be filtered

Actual behaviour

Non-duplicate boosts are being filtered

Detailed description

What's happening is that for some instances, even the first boost is being filtered out.

Relevant feature: https://wiki.neuromatch.social/Filter_Duplicate_Boosts
I'm no query expert but something in the query is filtering non-duplicate boosts for certain posts (not all) from the local TL.

Mastodon instance

neuromatch.social

Mastodon version

v4.3.0-alpha.0+glitch

Technical details

If this is happening on your own Mastodon server, please fill out those:

  • Ruby version: ruby 3.0.6p216 (2023-03-30 revision 23a532679b) [x86_64-linux]
  • Node.js version: v16.20.2

Fetch all replies

Pitch

When expanding a post, the instance should fetch all replies from the host server.

This issue is to move more general conversation out of #8 because I think that's the wrong approach

Previous context:

Motivation

Two reasons:

  • It's an important discovery mechanism - people should be able to see the conversation around a post (within normal privacy settings, i.e. we should not be trying to get followers-only posts, etc.)
  • The "a thousand of the same replies" problem is notorious on fedi and part of what makes it somewhat exhausting, and can quickly feel like brigading if a post becomes even moderately popular.

Approach

  • When a post is expanded, a call is made to the context endpoint
  • If that status is on a different server AND the request is coming from a logged-in user on our instance, make a call to the FetchRepliesService before yielding from the db
  • Remove limitation on URIs matching the host server and the limit of 5 replies in the filtered_replies method and fetch_collection.
  • Instead, to mitigate amplification/DoS, replace with a single numerical limit that first filters out URLs that the instance already has (to avoid duplicated requests). This should be tied to the pagination of the context endpoint - first fetch 40 posts, then as one scrolls the server should fetch the next 40, and so on.

Concerns

Privacy has been discussed elsewhere - we will only be getting posts that wouldn't be filtered out by normal post visibility settings, i.e. the user would be able to get them on their own by just running a bunch of manual searches.

  • Perf & API Consistency: Having a potentially long-running service call in the context endpoint is undesirable. We should run the service as async. This will mean that later calls will yield different results (i.e. as the posts are imported by the async worker). That's really only a problem for programmatic API usage, and just requires a note on the endpoint documentation. In normal web UI usage, it should look like the posts loading into the interface as they are received. The context endpoint would behave as expected on the first call, and just have extra replies in future calls. We could add an additional option that defaults false to make the reply fetching service synchronous.
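The amplification limit proposed in the issue above (drop URIs the instance already has, then apply one numerical cap per context call) can be sketched as follows. This is an added example, not code from the issue or from Mastodon: `ReplyFetchPlanner`, `simulate_scroll` and the sample URIs are hypothetical, and `mark_imported` stands in for the async worker.

```ruby
require 'set'

# Hypothetical planner, not Mastodon's FetchRepliesService.
class ReplyFetchPlanner
  attr_reader :requests_made

  def initialize(known_uris, limit: 40)
    @known = known_uris.to_set # URIs already stored locally
    @limit = limit             # single numerical cap per context call
    @requests_made = 0
  end

  # Called once per context-endpoint page. Returns at most @limit URIs that
  # are not stored yet, so repeated entries in a remote collection never
  # turn into repeated outbound requests.
  def next_batch(collection_uris)
    batch = collection_uris.uniq.reject { |u| @known.include?(u) }.first(@limit)
    @requests_made += batch.size
    batch
  end

  # Stands in for the async worker finishing its imports.
  def mark_imported(uris)
    @known.merge(uris)
  end
end

# Drives the planner the way scrolling would: one batch per page until
# nothing new is left. Returns the batch sizes, one entry per call.
def simulate_scroll(collection_uris, known_uris, limit: 40)
  planner = ReplyFetchPlanner.new(known_uris, limit: limit)
  sizes = []
  loop do
    batch = planner.next_batch(collection_uris)
    break if batch.empty?
    sizes << batch.size
    planner.mark_imported(batch)
  end
  sizes
end

# Constructed input: 100 distinct replies, each listed three times,
# 15 of which the instance already has.
SAMPLE_COLLECTION = (1..100).map { |i| "https://remote.example/replies/#{i}" } * 3
SAMPLE_KNOWN = SAMPLE_COLLECTION.first(15)
```

With the constructed input, the 300-entry collection costs 85 outbound fetches spread over three calls, never more than 40 in one call.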

MathML support

Hello! mathstodon.xyz and types.pl run a patch to not strip MathML tags from posts when displaying: mastodon@0546835

Would you be interested in merging it into neuromatch.social as well? Now that Chrome added back in MathML support, it's possible it'll become more widespread. But getting support at least on Mastodon is a bit of a social problem: PRs on mastodon and glitch-soc have languished, and clients can't support native viewing until instances stop stripping it.

(also: it was a little difficult to find the source code for this instance. would you mind linking to it in version.rb?)

Thanks :-D

MathJax renders anything between `$$`

Steps to reproduce the problem

See: https://neuromatch.social/@[email protected]/111502628902459771


Expected behaviour

Only typeset between \( and \)

Actual behaviour

See above (this issue template sucks)

Detailed description

The instance should be configured like this:

  :javascript
    var nonce = document.querySelector('meta[name="style-nonce"]').getAttribute('content');
    window.MathJax = {
      chtml: {nonce: nonce},
      tex: {
        processEnvironments: false,
        processRefs: false,
        inlineMath: [['\\(', '\\)']],
        displayMath: [['\\[', '\\]']]
      }
    };
  %script{ src: '/MathJax/es5/tex-chtml.js' }

which overrides the displayMath delimiters which are $$ by default: https://docs.mathjax.org/en/latest/options/input/tex.html

This is apparently ignored because of the site's content security settings which disallow inline scripts.

So we need to use the nonce that comes from here

%meta{ name: 'style-nonce', content: request.content_security_policy_nonce }

in the script tag, and also allow nonce'd inline scripts in our CSP.

See:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_inline_script

and

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources

Mastodon instance

neuromatch.social

Mastodon version

garegarg sthsrtjytj

Browser name and version

Firefox

Operating system

macOS

Technical details

No response
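The CSP behaviour described in the issue above (the inline MathJax configuration is dropped unless the script tag carries a nonce that the policy lists) can be modelled as below. This is an added example, not code from the issue or from the instance: the two policies are constructed, since the page does not show the real header, and the check is a simplified model that ignores hash matching and `'strict-dynamic'`.

```ruby
require 'securerandom'

# Simplified model of a browser's decision on whether an inline <script>
# runs under the given Content-Security-Policy header value.
def inline_script_allowed?(csp_header, script_nonce = nil)
  directives = {}
  csp_header.split(';').each do |part|
    name, *sources = part.split
    directives[name.downcase] ||= sources if name # first occurrence wins
  end
  sources = directives['script-src'] || directives['default-src']
  return true if sources.nil? # no directive governs scripts

  nonces = sources.filter_map { |s| s[/\A'nonce-(.+)'\z/, 1] }
  return true if script_nonce && nonces.include?(script_nonce)

  has_hash = sources.any? { |s| s.match?(/\A'sha(256|384|512)-/) }
  # 'unsafe-inline' is ignored as soon as a nonce or hash source is present.
  sources.include?("'unsafe-inline'") && nonces.empty? && !has_hash
end

# Walks through the situation in the issue with constructed policies.
def mathjax_nonce_demo
  nonce  = SecureRandom.base64(16)              # fresh value per response
  before = "script-src 'self'"                  # constructed: no inline allowance
  after  = "script-src 'self' 'nonce-#{nonce}'" # constructed: nonce'd inline allowed
  {
    # Config block is dropped, so MathJax keeps its default $$ delimiters.
    config_blocked_before: !inline_script_allowed?(before, nonce),
    # Same block with nonce="..." on the tag and in the policy now runs.
    config_runs_after: inline_script_allowed?(after, nonce),
    # An inline script without the nonce stays blocked after the change.
    injected_still_blocked: !inline_script_allowed?(after, nil),
    # A nonce from another response does not match.
    stale_nonce_blocked: !inline_script_allowed?(after, SecureRandom.base64(16))
  }
end
```

Adding the nonce source keeps other inline scripts blocked, which is the property that would be lost by allowing `'unsafe-inline'` instead.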
