this post was submitted on 23 Jul 2025
22 points (92.3% liked)

Voyager

7096 readers
26 users here now

The official lemmy community for Voyager, an open source, mobile-first client for lemmy.

Download on App Store

Download on Play Store

Use as a Web App

Download on F-Droid

Rules

  1. Be nice.
  2. lemmy.world instance policy

Sponsor development! 👇

Number of sponsors badge

💙

founded 2 years ago
MODERATORS
aeharding@lemmy.world
aeharding@vger.social
22
Haven’t been able to log in (lemmy.world)
submitted 4 days ago* (last edited 4 days ago) by Gingerlegs@lemmy.world to c/voyagerapp@lemmy.world
12 comments fedilink hide all child comments
 

To Lenny.world for days. No issues with others…

Deleted app and re-downloaded. Still can’t log in.

Any clue?

you are viewing a single comment's thread
view the rest of the comments
[–] MrKaplan@lemmy.world 5 points 3 days ago* (last edited 3 days ago) (4 children)

Hi,

this was possibly an unintended side-effect of our increasingly aggressive AI crawler DDoS blocking. When increasing the scope of issuing Cloudflare challenges we missed excluding API endpoints from the rule, that should be fixed now.

This should only have affected clients with browser user agents though, and I see requests with user agent VoyagerApp/1.0. @aeharding@vger.social do you know if Voyager can send browser-like user agents when installed from App Store?

[–] aeharding@vger.social 7 points 3 days ago* (last edited 3 days ago) (1 children)

o you know if Voyager can send browser-like user agents when installed from App Store?

Voyager actually used to haha. But added a static voyagerapp user agent because lemmy.ml started blocking without last year 🫠 can’t win unfortunately. Thanks for fixing.

Btw, voyager PWA will always use browser ua, native app will use VoyagerApp/1.0 for api requests, AND <browser ua> VoyagerApp/1.0 for browser managed requests (like loading images).

TLDR native app will always have VoyagerApp/1.0 somewhere in the string, PWA doesn’t touch the ua

[–] MrKaplan@lemmy.world 1 points 3 days ago (1 children)

i see. for PWAs that's expected, for the native app i would've expected a consistent UA for all requests.

our current blocks/challenges are explicitly targeting things that pretend to be browsers while not actually being browsers. we try to exclude requests that are expected to be accessed by browser based clients that aren't directly on the main site. appending to browser user agents still matches our browser user agent detection.

i'm not sure why this was causing issues here though, especially with the login, as that should just be 100% api stuff and therefore use VoyagerApp/1.0 from the native app?

[–] aeharding@vger.social 5 points 2 days ago

I see what you’re saying, but I disagree it should be consistent: the user agent should accurately identify the software that’s requesting a resource.

When Voyager just sends VoyagerApp without the browser stuff, it’s because the code that is making the http request actually bypasses the browser entirely, and is done natively with CapacitorHttp (helps to bypass CORS for perf and server misconfiguration).

I could see an argument for changing it to CapacitorHttp/8.0 VoyagerApp/1.0 for API requests. But if voyager changed the header to include browser ua, that would actually be spoofing since the browser played no part of making or handling the request.

i'm not sure why this was causing issues here though, especially with the login, as that should just be 100% api stuff and therefore use VoyagerApp/1.0 from the native app?

Yes, that’s right, that is odd! 🤔

load more comments (2 replies)