From aea0c8f1f1bf8540feaa695536d185099d5e552a Mon Sep 17 00:00:00 2001
From: arne <noreply@null.arnes.space>
Date: Fri, 21 Nov 2025 07:28:08 +0100
Subject: [PATCH 1/3] Remove `?code=` parameter after fetching bearer token

This is to ensure that it's not stored in any bookmark. The parameter
only has a short validity, so it's mostly cosmetic, but the docs
[recommend treating it
securely](https://docs.joinmastodon.org/methods/oauth/#200-ok).

Unfortunately it will still show up in logs. We should consider
switching to `urn:ietf:wg:oauth:2.0:oob`.
---
 src/computersandblues/lodestone/app.cljs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/computersandblues/lodestone/app.cljs b/src/computersandblues/lodestone/app.cljs
index b91fc8c..42b54e8 100644
--- a/src/computersandblues/lodestone/app.cljs
+++ b/src/computersandblues/lodestone/app.cljs
@@ -134,7 +134,9 @@
                                                    :redirect_uri (:redirect_uri application)}))})
    (.then (fn [res]
             (let [bearer-token (-> res :body :access_token)
-                  application (assoc application :bearer_token bearer-token)]
+                  application (assoc application :bearer_token bearer-token)
+                  path (-> js/location .-pathname)]
+              (.replaceState js/history nil "" path) ; remove ?code= param
               (db/put! ::db/application application)
               application)))))
 

From 33ebd5eb2a62e2505e86c3af541b80f302e80cae Mon Sep 17 00:00:00 2001
From: arne <noreply@null.arnes.space>
Date: Fri, 21 Nov 2025 07:44:15 +0100
Subject: [PATCH 2/3] Start autoplaying gifs only on hover or tap

---
 src/computersandblues/lodestone/app.cljs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/computersandblues/lodestone/app.cljs b/src/computersandblues/lodestone/app.cljs
index 42b54e8..1671a3c 100644
--- a/src/computersandblues/lodestone/app.cljs
+++ b/src/computersandblues/lodestone/app.cljs
@@ -358,9 +358,12 @@
       "video" [:video {:controls true}
                [:source {:type (str "video/" ext) :src remote-url}]
                [:a {:href (:remote_url attachment)} (str "Original video at " (:remote_url attachment))]]
-      "gifv" [:video {:loop true :autoplay true :muted true}
-              [:source {:type (str "video/" ext) :src remote-url}]
-              [:a {:href (:remote_url attachment)} (str "Original video at " (:remote_url attachment))]]
+      "gifv" (let [autoplay (r/atom false)
+                   toggle-autoplay #(swap! autoplay not)]
+               (fn []
+                [:video {:loop true :autoplay @autoplay :muted true :on-pointer-enter toggle-autoplay}
+                 [:source {:type (str "video/" ext) :src remote-url}]
+                 [:a {:href (:remote_url attachment)} (str "Original video at " (:remote_url attachment))]]))
       [:div [:strong "Unsupported attachment"]
        [debug attachment]])))
 

From 84109a342928251da5e685fde0072308016ca0f6 Mon Sep 17 00:00:00 2001
From: arne <noreply@null.arnes.space>
Date: Fri, 21 Nov 2025 08:26:38 +0100
Subject: [PATCH 3/3] Fix badly stretched image attachments

---
 public/index.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/public/index.html b/public/index.html
index e87f052..5742287 100644
--- a/public/index.html
+++ b/public/index.html
@@ -230,6 +230,7 @@
          margin-top: 16px;
          height: 320px;
          display: flex;
+         align-items: flex-start;
          max-width: 100%;
          overflow: auto;
      }