5
submitted 1 year ago by ruk_n_rul to c/plugins@sh.itjust.works

I mean, I wanted to start work on it, but if someone's already released/working on one then I'd just happily use those instead.

Also, the absence of a thing usually means it's not possible to have. In my mind I think it's easy to have userscript code make API posts on behalf of the user, but maybe somehow in the intricate layers of tech it's made impossible or tedious. If so, I'd like to know before I learn it the hard way.

you are viewing a single comment's thread
view the rest of the comments
[-] ruk_n_rul 1 points 1 year ago* (last edited 1 year ago)

that's a major security risk. even the reddit predecessor uses app tokens (though with the death of 3pa idk if such things still work). that's why I want something that only runs on the client side.

tbf there's nothing stopping userscripts from stealing your jwt token in the cookie, which is just as big a security risk, but at least with userscripts you can read the source code.

my plan would be similar to that one in which I store the jwt with the scheduled posts, with the notable difference of the data remaining on the browser storage. i wont even need to see any passwords since the jwt is already in the cookie which the script could read off of.

this post was submitted on 10 Aug 2023
5 points (77.8% liked)

Lemmy Plugins and Userscripts

3 readers
1 users here now

A general repository for user scripts and plugins used to enhance the Lemmy browsing experience.

Post (or cross-post) your favorite Lemmy enhancements here!

General posting suggestions:

Thanks!

founded 1 year ago
MODERATORS