Then I will setup nginx to forward those headers to mlmym

If you configure it to set X-Forwarded-For, you should have at least that information now already.

I actually thought it was making a https connection to Lemmy but perhaps it doesn't

That depends on the setup. If you haven't already, you should definitely set LEMMY_INTERNAL_URL so that mlmym connects to lemmy directly without TLS or a reverse proxy, which should be a lot faster (but that's only possible if they're running on the same machine, of course).

X-Forwarded-Proto is supposed to say what protocol the user (of mlmym) originally connected with though, right? Which will still end up being https in the common case of it being behind a reverse proxy that does TLS.

I have some handling for X-Forwarded-For, but none of the others. This could actually explain why I was still seeing rate limit errors despite not having made many requests from my IP address.

I'm unfortunately busy this week, but I hope I can still find some time in the next few days to implement this.

headers.set("x-forwarded-proto", request.headers.get("x-forwarded-proto") ?? "https");

Shouldn't that fallback be http, since mlmym doesn't do HTTPS itself? And I assume the reverse proxy will have set X-Forwarded-Proto to https.

You said it only appears sometimes and it fixes itself on refreshes, right? I think that would rule out a mistake in the templates somewhere (which would've meant that it's consistently failing on some pages).

I wonder what the HTML output looks like when you can reproduce it. Do the <a> elements for the links not get output at all (more likely) or are they hidden somehow?

I'm not really sure on why this would happen, to be honest.

hmm now comment scores aren't showing lmao. maybe there's something wrong with my browser?... seems like something's buggy...

That looks like you have “show scores” disabled in the preferences? Can't think of any other reason they wouldn't be showing like this.

Also, if you're wondering about the “also show on comments” option for upvote/downvote totals, I found that too distracting to show on every comment, so that extra information is only shown when there are actually both upvotes and downvotes.

Hm, it's working on my instance. I did change it to only make the search request for top communities once and cache it, so maybe that happened to run into an error and it's not trying again?

Running it locally on lemmy.today, it does seem to be working. I don't have an account here, unfortunately, so I can't test whether the “my communities” dropdown works too, but I don't see why it shouldn't.

Hello! I'm the person who made that fork.

If it does get set up here and you have any questions or run into any issues (which could very well happen, as I've done some major refactors), feel free to contact me, either by email at mlmym@mschae23.de or in the #mlmym:mschae23.de matrix room.

You can also try it out already at discuss.mschae23.de (only logged-out here, of course, which doesn't give you all options) or by running it up locally with LEMMY_DOMAIN set to lemmy.today.

I'd also recommend enabling some of the options instance-wide by default, especially SHOW_UNREAD_COMMENTS (this one has been really useful for me).

GDPR wasn't what introduced cookie banners, that was the ePrivacy directive which came before the GDPR. Either way, I'd argue cookie banners are an act of malicious compliance with both of these, as I'm pretty sure they were intended to reduce usage of tracking / analytics / other non-required cookies altogether. The annoying banners are, in my opinion, an effort to make people angry at the EU instead of the ad companies.

As far as I know (and I'm not 100 % sure), no. You don't even need to inform users that you use functional cookies. Most likely because these work for the person using your website, not against them (persisting the session, settings, and so on).

I was just being pedantic and corrected what is meant by the term “free software”, not actually arguing for or against what you were saying :)

Yes, of course, a project being paid will mean that a lot fewer people will actually use it. I wouldn't say nobody, though. As an example, there's the DeArrow browser addon which is free, but costs $1 once (with easy ways to circumvent that payment). Yet many people have paid for it anyway.

As for curl, the article says that the 23 sponsors you mentioned are only corporate sponsors. There are hundreds of people donating to the curl project, which is probably still unreasonably low, but not as dire as “only 23” would suggest. Obviously each of these donates a much lower amount, so it may still not amount to much (but I don't know enough to say that).

But in the end, as I said, you're probably mostly right, there would be very few users of free software if it was paid. Although there are also lots of users of proprietary paid software, so who knows.

The “free” in FOSS does not mean price.