this post was submitted on 02 Jun 2026
0 points (50.0% liked)

WebDev

1350 readers
1 users here now

Community for all things Web Development related.

founded 3 years ago
MODERATORS
postman@lemmy.world
0
Show Lemmy: I built a free streaming site from scratch — vanilla JS, Node.js, MongoDB, $0/month stack (eli6movies.vercel.app)
submitted 2 weeks ago* (last edited 2 weeks ago) by eli6@lemmy.world to c/webdev@lemmy.world
20 comments fedilink hide all child comments
 

Built ELI6 Movies as a side project to push how far a free-tier stack can go.

Tech:

  • Frontend: pure HTML/CSS/vanilla JS on Vercel (free)
  • Backend: Node.js/Express on Render (free)
  • DB: MongoDB Atlas M0 (free)
  • Metadata: TMDB API
  • Video: third-party embeds with smart server failover

Interesting bits:

  • Multi-server failover via postMessage detection
  • Episode email notifier
  • Tiered TMDB cache
  • i18n (EN/IT/RU)
  • Android TV spatial navigation

→ Watch now

Happy to answer questions about the architecture.

top 20 comments
sorted by: hot top controversial new old
[–] TragicNotCute@lemmy.world 2 points 2 weeks ago (1 children)

Cool concept and that’s definitely the start of the Backrooms (saw it yesterday in theaters), so that’s cool. I will not be returning to the site because of the ads/malware being served.

When trying to seek on the movie, you get tons of pop ups with the classic VPN scare messages. No thanks.

[–] eli6@lemmy.world 2 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

haha thats just whatever movie was on the homepage when i took the screenshot, it pulls the backdrop from tmdb. enjoy the backrooms lol

[–] TragicNotCute@lemmy.world 2 points 2 weeks ago (2 children)

I feel like you didn’t read my full comment. I’d love to see you address the malware and popups.

[–] eli6@lemmy.world 2 points 2 weeks ago* (last edited 2 weeks ago)

yeah you were right, my bad. embeds were calling window.open() and the sandbox let it through. removed allow-popups so they cant do that anymore, video still works fine. give it another try if you want

[–] eli6@lemmy.world 1 points 2 weeks ago

i did read it — popup fix is in now. removed allow-popups from the iframe sandbox so embeds cant open new tabs. worth retrying if you want

[–] python@lemmy.world 2 points 2 weeks ago (2 children)

slop

[–] eli6@lemmy.world -2 points 2 weeks ago* (last edited 2 weeks ago)

sure, what specifically bothered you

[–] ultimate_worrier@lemmy.dbzer0.com 1 points 2 weeks ago* (last edited 2 weeks ago) (3 children)

SLOP

Slop, slop, slop everywhere!

This is shite and you should be embarrassed of the pops and malware you’re exposing people to.

[–] slazer2au@lemmy.world 2 points 2 weeks ago (2 children)

Mate it worse then you think.

The repo
https://github.com/EliseyRotar/eli6_movies

Step 3 in the database setup.

Network Access → Allow Access from Anywhere (0.0.0.0/0) - required for Render's dynamic IPs
[–] ultimate_worrier@lemmy.dbzer0.com 2 points 2 weeks ago

Thanks for exposing yourself to that mess.

I didn’t even go to the repo because of the hypothetical potential for infection! 🤣

It’s encouraging to see people that recognize the glaring issues with these sloppy piggies popping up everywhere.

[–] eli6@lemmy.world 0 points 2 weeks ago (1 children)

yeah same answer as the other comment — render free tier has no static IPs so you cant restrict by IP at all. strong credentials are the actual protection, not IP allowlisting

[–] slazer2au@lemmy.world 0 points 2 weeks ago (1 children)

You can. Your AI slop just doesn't know how.

[–] eli6@lemmy.world 0 points 2 weeks ago* (last edited 2 weeks ago)

you are right, my bad. render publishes fixed CIDR ranges per region, you can get them from the dashboard and allowlist those in atlas instead of 0.0.0.0/0. updating the readme

[–] eli6@lemmy.world -1 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

popups were coming from window.open() inside the embed iframes, removed allow-popups from the sandbox so that cant happen anymore. should be good now

[–] ultimate_worrier@lemmy.dbzer0.com 3 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

🤣🤣🤣🤣🤣

You even slop coded your reply here complete with an emdash!

Step away from the LLM and try to UNDERSTAND what you’re trying to get others to use. Your app is like an open sewar and you’re completely blind to what it actually does because you’ve become so dependent on the LLM. What happens when Anthropic or OpenAI start charging what it actually costs to run their hardware? Anthropic says that they see $8/day per average user in token usage. You’ll be stuck with spaghetti code and no LLM to unravel the context for you.

I use LLM’s all the time but at least I absolutely insist on keeping my hand on the steering wheel, closely supervising and making sure to fully understand the cognitive context of what the LLM Is producing. If you don’t even know what it does, you should have your stupid LLM walk you through it at the very least. Until then, no one is going to trust your strange ai fueled fever dream.

I’m embarrassed for you.

[–] eli6@lemmy.world -1 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

got me on the emdash lol. fair points though, working on it

[–] ultimate_worrier@lemmy.dbzer0.com 2 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

“Fair”

I’ve used Claude enough to know that even this reply was generated by it. Seriously. Wake up!

[–] eli6@lemmy.world -1 points 2 weeks ago

believe what you want

[–] eli6@lemmy.world -1 points 2 weeks ago

popups came from the embed iframes, not the site itself. removed allow-popups from the sandbox so they cant do that anymore