Realizing this blew my mind. Definitely more interesting than following people.

Curl didn’t return anything. They’re likely just using it to log requests since the request path contains the data they need.

I’d be willing to bet they’re using the API to make all the changes. The cookie has the jwt token. I don’t believe you need the username (at least judging by the js API docs).

Looks like it’s issuing a GET to https://zelensky.zip/save/{ENCODED_JWT_TOKEN_AND_NAV_FLAG}. The ENCODED_JWT_TOKEN is from btoa(document.cookie+nav_flag) where nav_flag is essentially 'navAdmin' if the account hit is an admin or '' if the user hit is not an admin (it checks if the admin button in the nav exists). Their server is likely logging all incoming requests and they just need to do a quick decoding to get jwt tokens and a flag telling them if it’s an admin account.

I’d be hesitant to visit Lemmy on a browser atm 😓

Extra content in exchange for an upvote 🤔

Yep, Lemmy is filling a Reddit-shaped hole. It’s a bit different but nice.

r/latinopeopletwitter

To be fair, most apps other than Jerboa didn’t exist a few weeks ago 😅

Connect has been my favorite Lemmy app as of late. Jerboa is my old reliable one though 😅

8-15 chars with at least one letter or digit… right?? 😅😅😅