I’m not too studied-up on CORS, but I know what it’s there for. Currently there’s a number of things that are not possible to do because our generator is on a different subdomain than other generators or iframes, etc. etc. and even the top-level page we’re actually on.

With that allowed (I think CORS can allow this), there’s a lot more customisation we can do of things like t2i image iframes and gallery iframes, reading/changing the top-level url, etc. Maybe that’s something you don’t want to allow, but I for one have wanted to do these things for completely benign legit reasons multiple times.

  • @wthit56OP
    link
    English
    13 months ago

    Ah yeah, I thought there’d be other repercussions. Maybe just somehow injecting in certain object so they can work? Or something? Yeah, only allow changing hash and params. That should be fine.

    Assuming replaceState is just changing the current entry in history, yeah that’s totally fine. But as it’s going to be different to that in some ways anyway, you could build in your own property with getter/setter perhaps. Like…

    get params() { return { param1: value1, ...}; },
    set params(value) { history.replaceState() ... },
    
    get hash() { return top.location.hash; }
    set hash(value) { top.location.hash = value; }
    

    May require messages or whatever.

    We can currently read hash, but set it only on our own iframe. And we can read params, but with potentially other added stuff like for the preview iframe.

    What I’ve done for now is, when the user clicks a button it clicks a hidden link which is then (presumably) caught by perchance, and changes the top-level page.

    Speaking of which, by the way… it seems going to perchance.org/generator#anchor works. But if you click a link within the generator going to #anchor it loads up /welcome#anchor instead? At the moment I’ve got some code that catches and handles clicks on such links so it just scrolls there correctly. But just a heads up, as it seems some of this stuff is implemented and working, but not fully and not all aspects.

    • @perchanceM
      link
      English
      3
      edit-2
      3 months ago

      Thanks!

      1. I’ve hackily fixed <a href="#foo">foo</a> clicks so they work properly now.

      2. I’ve also added a fix so if you visit perchance.org/whatever#foo it’ll correctly try to scroll to the id="foo" element if it exists: https://perchance.org/dkp9npcidc#foo - pinging @[email protected]

      3. You can also type a hash into the address bar of an already loaded page and press enter, and it’ll scroll to the element, like a normal top-level page does.

      4. I’ve also fixed history.replaceState so you can now change the query string of the top-level frame as shown below. It’ll throw an error if you try to change the pathname, since that could allow for malicious ‘spoofing’ of other generators as mentioned above.

      history.replaceState({}, "", `/${generatorName}?foo=1`)
      
      1. You can change the hash with window.location.hash = "#foo" (you can also do this with replaceState IIUC).
      2. You can change page/tab title with document.title = "foo"; and it’ll propagate to the top-level frame.
      3. You can change the favicon like you usually would (add a <link rel="icon" href="https://exampe.com/image.png"> to <head>) and it’ll propagate to the top-level frame.

      Let me know if you find any bugs 👍

      And I’ve added a hideGalleryButtons to the text to image plugin.

      • @wthit56OP
        link
        English
        23 months ago

        Great stuff–I’ll check those all out tomorrow and come back with an update 👍

      • @wthit56OP
        link
        English
        22 months ago

        New bug: the code expects there to be a href attribute on every <a> tag. There may not be, at which point it breaks.

      • @wthit56OP
        link
        English
        13 months ago

        Bug: if it’s just in a code block and immediately happens, setting document.title is later overridden by $meta.title. Ideally $meta.title would happen first, and then any document.title stuff elsewhere–so that it takes precedence.

        • @perchanceM
          link
          English
          13 months ago

          Hmm. If it’s during page load, then I think I should encourage people to use $meta.title for that, since that’s what search engines will see. I.e. it might be misleading if, during page load, document.title takes precedence, but then later they see that search engine’s aren’t using that. (Note that some search engines will run the full JS/iframe for certain popular pages, so they would see document.title, but it’s not guaranteed)

          • @wthit56OP
            link
            English
            13 months ago

            It’s just a temp thing for me; I add “DEV” at the front so I can see at a glance which copy I’m working on. And I still manage it, but I have to use a setTimeout, so… it’s not like it really prevents it anyhow. And a regular web page would accept this just fine without such a workaround.

            I would think the only time people ever use document.title in or out of perchance is to have a dynamic title based on stuff happening on the page–otherwise why script it at all? So it’s always done when the coder wants it to be different to the normal title, when they want to override it, ignoring anything else.

            So… dunno, my take is, it should just work the same as it does anywhere else. It’s cool that $meta.title does what it does, but it should be easily overridable I reckon. If nothing else, to keep parity with expectations for web pages in general.

            I guess that’s kind of my angle on a lot of this stuff, maybe you noticed… coming from a web-dev background and working just in raw html/css/js files for a while, I’m all about keeping it working as close to that as possible and avoid unexpected side-effects or differences. Doesn’t mean you have to take that stance, but that’s mine anyhow 😁

      • @wthit56OP
        link
        English
        13 months ago

        Bug: if a #hash is set in the address, Auto will scroll to that instead of leaving the scroll where it is. Perhaps you’re re-handling the hash after auto-partial-load, but I think could be skipped. I think refreshing on a regular web page won’t re-scroll to the hash target.

      • @wthit56OP
        link
        English
        13 months ago
        1. 👍 :target works too!
        2. 👍 And it updates from using it in the editor without actually booting you out of the editor, which is a nice touch as well!
        3. 👍
        4. 👍 And you can call just “?params” too in the regular method, which works in perchance as well. Maybe you could only allow that. Make sure it only starts with “?” or something. A note about the error it gives you when it’s a disallowed path… not being able to see the path it’s received is a bit annoying. When I throw, I like to give as much info as I can about the thing I’m throwing about, so they don’t have go and start logging things out or breakpointing just to understand the reason it threw. (Wait–generatorName is a thing?! I’ll make use of that for one of my private plugins 👍 Should I scour the windows object for such hidden gems??)
        5. 👍 I can also replaceState with “#hash”. 👍 And doesn’t scroll, though the normal method doesn’t scroll so that’s okay.
          • The :target doesn’t change though, when it does for the normal method.
          • And if you do this from the editor preview, it does add all the params from the preview iframe. Which… is probably okay, fine by me. Presumably those won’t show up unless you’re in the editor anyway.
          • Worth people noting, clicking a link to #edit does not go to edit mode, neither does setting .hash, or doing it with replaceState. Also fine.
        6. 👍
        7. Gallery buttons setting 👍 I’M SO HAPPY! :D

        Test page I used for trying all these out: https://perchance.org/testing-features-19-aug-24-498573958#edit

        • @perchanceM
          link
          English
          13 months ago

          :target

          What’s this?

          not being able to see the path it’s received is a bit annoying

          Fixed, thanks!

          Should I scour the windows object for such hidden gems

          Nope, just https://perchance.org/advanced-tutorial - and if you find something that you want to use, but isn’t documented there, please let me know

          • @wthit56OP
            link
            English
            13 months ago

            :target is a css pseudo-selector. So you could put a:target { color:red; }, and then links will be red if they have the id of the #hash. Lets you visually change elements when they’re the one being linked to.

            Ah, admittedly I did sorta skim that doc; I’d read so much stuff that day from everywhere else 😅