Prevents instances from being rate limited due to being senselessly
crawled by search engines. Since there is no reason to index Nitter
instances, simply block all robots. Notably, this does *not* affect link
previews (e.g. in various chat software).
m3u8 videos only work when the proxy is enabled. Further, this allows
video playback without Javascript.
This is only done when proxying is disabled to avoid excessive memory
usage on the nitter instance that would result from loading longer
videos in a single chunk.
Current Alpine doesn't ship with the "well-known" CA
certificates. Without them present, outbound HTTPS or TLS connections
aren't even initiated, leading to this at startup:
```
fetching token failed: No SSL/TLS CA certificates found.
```
This adds `ca-certificates` to the runtime image.
This change is to work around the issue that chromium based browsers have handling the "name=orig" parameter appended to URLs. This parameter is needed to retrieve the full resolution image from twitter, but causes those browsers to fill in "jpg_name=orig" as the extension on the filename.
This change adds a new endpoint, "/pic/orig/<encoded media>". This new endpoint will internally fetch the URL with ":orig" appended on the end for the full res image. Externally, the endpoint will serve the image without the extra parameter to expose the real extension to the browser.
This new endpoint is used when rendering tweets with attached images. The old endpoint is still in place for all other proxied images, and for any legacy links.
I also updated the "?name=small" parameter to ":small" since that seems to be the new pattern for image sizing.
This should fix issue #458.