Well, this would probably be a problem for Glitch because users may not want Glitch’s name to be on their projects and they would move to another service.
I don’t really see why having “Glitch” in the server headers is an issue. Many services and hosts add headers. Cloudflare adds headers and they have millions of customers.
3 Likes
I stole the idea from AdInPlay. If you go to mayank1234cmd.glitch.me on the console (ctrlShiftI) it shows it in colored
Edit 2: Added it in mayank1234cmd.glitch.me/glitchPowered.html
people would get unahppy if they found javascript was being injected they might even devise methods to counter it
The Glitch header would be sent by their proxy, not injected to the projects source
1 Like
Would still be injection. They are putting code in their code.
“Code Injections” by Glitch are nothing new. Glitch has a proxy infront of every project to prevent pings.
1 Like
It’s not code injection, it’s proxying. The two topics are entirely different and cannot be compared up to one another.
The specific task of a reverse-proxy is forwarding the request of a client to a server, and send back the result. However the proxy is modyfing the returned headers, which is not considered injection it’s considered a man in the middle attack, however this is not an attack because it’s intended for their proxy.
1 Like
Hence the “code-injections” in quotes.
Bump, this really needs to happen!
3 Likes
Bumping this thread again because this quite important.
Right now when a Glitch site is behind Cloudflare, there isn’t a way to verify it is on Glitch, which is a bit of an issue.
1 Like
You can actually check if a project is a glitch project using this:
https://api.glitch.com/v1/projects/by/domain?domain={project.domain}
However, this only applies if the domain is proxied by Glitch. If a person decides to use their own reverse-proxy there is simply no way of knowing, because a custom reverse-proxy could just block the Glitch header anyway.
However, because of the few amount of people who have the ability to host their own reverse-proxy I still think it is worth it to add a custom Glitch header!
It sounds quite neat but I can’t get it working. Does it require a authentication header?
It appears not to be working, I’ll debug it and see what I can do on my end. Give me a few moments and I’ll get back to you.
It actually seems I was wrong. It doesn’t fetch a project by a domain, it fetches it by project-name which makes the whole thing a lot much harder. I’ll look through Glitch’s client-side source code and see if I can find a replacement.
Thanks, I’ll have a look too.
It sadly seems like they don’t emit map files anymore, making debugging a lot harder, I don’t have the time to do reverse-engineering atm.
Oh, I always do the lazy option and just have a look at the network tab.
I also believe they have some map files up:
Huh… Weird that the debugger didn’t load them.