Comments not displayed

[msravi]

I'm running circumflex on Linux Mint 20.3 (64-bit)

~$ uname -a
Linux xxxxx 5.4.0-126-generic #142-Ubuntu SMP Fri Aug 26 12:12:57 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

clx was installed using homebrew on linux

The "correct" version of less seems to be in the path

  ~$ less --version
  less 608 (PCRE2 regular expressions)
  Copyright (C) 1984-2022  Mark Nudelman

When <enter> is pressed on any item, it always returns a screen showing 0 comments 0 points, even though there are many comments

Just in case it matters, I've tried it on the kitty terminal (0.25.2) and xfce4-terminal 0.8.10 (Xfce 4.16)

Thank you!

[JadoJodo]

I am also seeing this issue using macOS, Alacritty, and nushell.

[bensadeh]

Thanks for opening this ticket, I will look into it.

[bensadeh]

Are you able to get any results directly from the API through this link?

https://api.hackerwebapp.com/item/3338485

[JadoJodo]

Looks like it's blocked. I'll unblock and try again.

[breezykermo]

I am also seeing this issue on Arch. The link you've provided above @bensadeh works in a browser for me.

[bensadeh]

@breezykermo Thank you for confirming the link works.

@JadoJodo Any updates on your end?

@msravi Are you able to get any results through the link?

[msravi]

Sorry for the delay! Yes, I'm able to see comments in json format through the link.
Looks like the link is filtered by some adblock/tracker lists, but works on unblocking

Edit: Oh! So that's the problem! api.hackerwebapp.com was getting blocked by NextDNS. After I added it to the allowlist, I'm able to see comments in circumflex also! Thanks!

[JadoJodo]

@bensadeh I was seeing the same thing as @msravi ^^

[bensadeh]

@msravi Glad it finally works!

@JadoJodo & @breezykermo Is it possible you are having similar issues with blocked endpoints? Are you able to try again from other networks or verify that you are not blocking the endpoints on your end?

[breezykermo]

api.hackerwebapp.com doesn't seem to be blocked by any firewall or DNS configuration on my machine as far as I can tell from ping/curl-ing the URL. Is there a more robust way to check?

[bensadeh]

Hmm... Both ping and curl should do the trick.

I wonder if there is a check on the user agent, as I don't see other differences between calling the endpoint from within circumflexand from curl.

@breezykermo Are you able to retry again with this command?

curl --user-agent "circumflex/2.6" https://api.hackerwebapp.com/item/3338485

[breezykermo]

That curlcommand also seems to work, although there's something about reviewing the security in the curl response. Here's an example for reference:

0001-1170.mp4

The HTML returned from that curl includes:

<!DOCTYPE html>
<html lang="en-US">
<head>
    <title>Just a moment...</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
    <meta name="robots" content="noindex,nofollow" />
    <meta name="viewport" content="width=device-width,initial-scale=1" />
    <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet" />
    <meta http-equiv="refresh" content="35">

</head>
<body class="no-js">
    <div class="main-wrapper" role="main">
    <div class="main-content">
        <h1 class="zone-name-title h1">
            <img class="heading-favicon" src="/favicon.ico"
                 onerror="this.onerror=null;this.parentNode.removeChild(this)" />
            api.hackerwebapp.com
        </h1>
        <h2 class="h2" id="challenge-running">
            Checking if the site connection is secure
        </h2>
        <noscript>
            <div id="challenge-error-title">
                <div class="h2">
                    <span class="icon-wrapper">
                        <div class="heading-icon warning-icon"></div>
                    </span>
                    <span id="challenge-error-text">
                        Enable JavaScript and cookies to continue
                    </span>
                </div>
            </div>
        </noscript>
        <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/jsch/nojs/transparent.gif?ray=75ec4eff4f1217b9')"></di
v>
        <div id="challenge-body-text" class="core-msg spacer">
            api.hackerwebapp.com needs to review the security of your connection before proceeding.
        </div>
    </div>
</div>

[mentalblock]

Hello, I am also experiencing this issue.

Running the curl with the custom user agent returns the data just fine. Again, the curl command that works is:
curl --user-agent "circumflex/2.6" https://api.hackerwebapp.com/item/3338485

Removing the agent parameter results in the same HTML reported in the comment above.

I also use a VPN but I am not sure if that is relevant or a factor in whether Cloudflare does their "security check" as referenced in the HTML.

[bensadeh]

Hello @cheeaun, hope it's okay to ping you.

Some of our users are having difficulty getting results from api.hackerwebapp.com. Is there something I can do on my end to get results from your API for these users?

[cheeaun]

@bensadeh ok, I've checked the logs on Cloudflare, seems like its "Bot Fight Mode" automatically triggers for circumflex UA. I've disabled it now, you can check if it works?

I don't remember when I enabled this feature and it seems difficult for me to backtrace when CF start triggering "JS challenge" page to circumflex. I do remember some time ago, I was trying to prevent search engine bots from spamming the API every second 😅

Sorry! 🙏

[bensadeh]

Thanks for looking into it and no need to apologize! 😄👌

I really couldn't make this command line tool without your API, it is so fast and simple to use. 🙏

[mentalblock]

Works perfectly for me now. Thanks all.

[breezykermo]

Comments work great for me now. Thanks @cheeaun and @bensadeh for the wonderful tools :)

[bensadeh]

Great! Looks like this works now for everyone 😄