docs(titkok): clarify media posting requirements

[ethrx]

Currently, Postiz only uses pull_from_url for TikTok content uploading: here.

If you are hosting your uploaded media on your localhost, or just haven't publicly exposed your /uploads route, TikTok will not be able to access your file.

There is a viable alternative, work with chunks which would take a little bit of work but would bypass the need to publicly expose your /uploads.

Anyways, this pull request clarifies the docs with the message:

NOTE: Due to TikTok's restrictions, to upload media you have to host Postiz on a domain using a reverse proxy such as Caddy or an more manual setup with Cloudflare R2.
Make sure the domain you host media on is on your developer account's list of sites with verified ownership.

Summary by CodeRabbit

• Documentation
  • Added a prominent warning in the TikTok provider docs: media must be publicly reachable over HTTPS (localhost/private routes will fail). Includes guidance to host uploads via a reverse proxy or object storage/CDN (e.g., Cloudflare R2) and to verify the media domain in your TikTok developer account to prevent blocked media during uploads.

[vercel]

@ethrx is attempting to deploy a commit to the Listinai Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

Walkthrough

Added a warning Callout to the TikTok provider docs noting that TikTok fetches media via pull_from_url, requires publicly reachable HTTPS media (localhost/private routes will fail), and advising use of a reverse proxy (e.g., Caddy) or public object storage/CDN and verifying the media domain in the TikTok developer account.

Changes

Cohort / File(s)	Summary
Docs — TikTok provider page pages/providers/tiktok.mdx	Inserted a warning Callout immediately after the initial TikTok Callout explaining that TikTok fetches media via pull_from_url, requires publicly reachable HTTPS media (localhost/private routes will fail), recommends exposing uploads via a reverse proxy (e.g., Caddy) or using public object storage/CDN (e.g., Cloudflare R2), and instructs verifying the media domain in the TikTok developer account.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

Thump-thump, I hop through docs so bright,
A warning sign in carrot-light:
“Host it smart, keep uploads tight—
Proxy paths and R2 set right.”
Ears perked high, I nudge the note;
Verified domains keep TikToks afloat. 🥕

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 545d144 and a9c1305.

📒 Files selected for processing (1)

• pages/providers/tiktok.mdx (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• pages/providers/tiktok.mdx

Pre-merge checks (2 passed, 1 warning)

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title Check	⚠️ Warning	The title “docs(titkok): clarify media posting requirements” attempts to summarize the added documentation about TikTok media hosting but contains a typo in the scope (“titkok” instead of “tiktok”), which mislabels the primary change and reduces its clarity.	Please correct the spelling of the scope to “tiktok” and ensure the title remains concise and accurately highlights the main documentation change regarding media posting requirements.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	The description clearly explains that TikTok content uploads currently use the pull_from_url method, outlines the accessibility limitation for non-public media, references the chunked upload alternative, and states that the documentation was updated to add a note about hosting media publicly and verifying the domain.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

pages/providers/tiktok.mdx (2)

18-22: Clarify hosting scope (media vs app) and fix grammar.

The callout currently conflates hosting Postiz itself with hosting the media files TikTok pulls. Also “an more manual” → “a more manual.” Suggested rewrite tightens the guidance and keeps it media-specific.

Apply this diff:

-<Callout type="warning">
-**NOTE:** Due to TikTok's restrictions, to upload media you have to host Postiz on a domain using a reverse proxy such as [Caddy](/reverse-proxies/caddy/) or an more manual setup with [Cloudflare R2](/configuration/r2/).
-
-Make sure the domain you host media on is on your developer account's list of sites with verified ownership.
-</Callout>
+<Callout type="warning">
+**NOTE:** TikTok fetches media via pull_from_url. Your media files must be publicly reachable over HTTPS; localhost or private routes (e.g., `/uploads`) will fail. Expose your uploads via a reverse proxy (e.g., [Caddy](/reverse-proxies/caddy/)) or use object storage/CDN such as [Cloudflare R2](/configuration/r2/) with public access.
+
+Ensure the media domain is listed under your TikTok developer account’s verified sites.
+</Callout>

---

12-16: Clarify TikTok redirect-URI and media-host verification requirements

• Line 15: revise the HTTPS callout to specify that Web Login Kit redirect URIs must begin with https only, and that only the Desktop Login Kit permits http://localhost:‹port› for development.
• Lines 18–22: add a note that when using the Content Posting API’s pull_from_url, the media host domain (or URL prefix) must be pre-verified in your TikTok developer app.
• Lines 47–49: update or remove the http://localhost example to indicate it applies solely to Desktop Login Kit development, not Web Login Kit.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5fb87c9 and 545d144.

📒 Files selected for processing (1)

• pages/providers/tiktok.mdx (1 hunks)