F-Droid version is not the same as the Github release (v0.6.5)

[ltguillaume]

When trying https://brightdv.github.io/boxbox/ none of the data can be fetched, because:

Access to XMLHttpRequest at 'https://api.formula1.com/v1/editorial/articles?limit=16&offset=0' from origin 'https://brightdv.github.io' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'https://www.formula1.com' that is not equal to the supplied origin.

[BrightDV]

That's the reason I created the Box, Box server some time ago.
In the settings, you can specify an URL to a custom server or use the default one: here is how to setup the server inside Box, Box! step-by-step (you don't have to run your own): https://github.com/BrightDV/BoxBox/wiki/Use-your-own-Box,-Box!-Server-with-the-app.

Also thanks for the report, I will make the setup needed clearer in the README.

[ltguillaume]

Ah that makes sense! That indeed made the "client" instance work correctly, great! Perhaps you could set the the default server for https://brightdv.github.io/boxbox/ to a proxy (https://boxbox-server.brightdv.repl.co) then?

By the way, Schedule > US > quali states "Data unavailable" and
Schedule > Race says the race starts in 10 hours, that's odd...

[BrightDV]

Ah that makes sense! That indeed made the "client" instance work correctly, great! Perhaps you could set the the default server for brightdv.github.io/boxbox to a proxy (boxbox-server.brightdv.repl.co) then?

Yes, that is on my todo list!

By the way, Schedule > US > quali states "Data unavailable" and
Schedule > Race says the race starts in 10 hours, that's odd...

Oops, that's my fault! I did not update the web version yet (the mobile version works as expected). I will update it tomorrow afternoon, thanks.
In the meantime, the Race Hub works as expected, with the real schedule.

[ltguillaume]

By the way, Schedule > US > quali states "Data unavailable" and
Schedule > Race says the race starts in 10 hours, that's odd...

Oops, that's my fault! I did not update the web version yet (the mobile version works as expected). I will update it tomorrow afternoon, thanks. In the meantime, the Race Hub works as expected, with the real schedule.

Hmz, I am actually seeing this issue in the mobile version (0.6.5 F-Droid)... I tried using the official server(s) and the proxy server.
Race Hub indeed does show the right timestamps.

[BrightDV]

I just tried with the F-Droid release, and it doesn't work, whereas the GitHub release works perfectly.
I remember deleting and recreating the tag of the release, but it wasn't about a commit like this.
I will have to investigate...

Edit: seems deeper, it was also present in v0.6.4...
You can download the version from the GitHub releases instead, as the change is older.

[ltguillaume]

It's all right, I know now that it's a bug that'll be fixed in the next version, I'll wait 🙂

[BrightDV]

Is there the same issue with the v0.7.0 version?

Ah that makes sense! That indeed made the "client" instance work correctly, great! Perhaps you could set the the default server for brightdv.github.io/boxbox to a proxy (boxbox-server.brightdv.repl.co) then?

I should be in v.0.7.1 (I hope), as I just deployed it on Netlify. Replit blocked some months ago website hosting, so I gave up on that feature, but now it is back, so I will do it shortly!

[BrightDV]

Done in a2f0eef

[ltguillaume]

Should https://brightdv.github.io/boxbox/ now be working? I'm just getting "Something went wrong".

[BrightDV]

It should if you manually set the URL to https://boxbox-server.netlify.app/api (in the server settings).
The feature you mentioned will be available in the next update, though.

[ltguillaume]

So, when I set https://boxbox-server.netlify.app/api in the server settings (either on https://brightdv.github.io/boxbox/ or in the app itself), I see it connects to the following domains:

• netlify.app (makes sense)
• formula1.com (looks like this is for images, shouldn't those be proxied?)
• ergast.com ("This website hosts an experimental Motor Racing Developer API."??)
• cloudfront.net (not proxied?)
• cloudflare.com (not proxied?)

Additionally, the Standings and Schedule sections do not load.

[BrightDV]

First, the proxy has been made for the web version, to be able to use the app on non-Android devices by circumventing the CORS restrictions. Therefore, the proxy is not privacy-oriented by design, but it helps to block most of the official website's trackers if you are using the Android app. (it gives the original HTML, and a lot of scripts fail to load).
So it is primarily a basic tool to help web users.

formula1.com (looks like this is for images, shouldn't those be proxied?)

Mostly images, yes (I guess, may verify)

ergast.com ("This website hosts an experimental Motor Racing Developer API."??)

As stated in the README, it is the primary source for the standings/schedule/race and qualifs results. It is an open database for Formula 1, other open-projects use it too, like FastF1

cloudfront.net (not proxied?)

Images from all F1's content (articles/videos).

cloudflare.com (not proxied?)

Worse than the previous, I will have to find the origin.

I may try to proxy all the images, but I don't know if it would be very useful, and also use a lot more of bandwidth. Maybe I should have precised that in the README, what do you think?
Also, the proxy is open-source, if you want to check how it works!

[ltguillaume]

but it helps to block most of the official website's trackers if you are using the Android app

That is a big plus, even when using the app.

I've tried to compare using the app vs. using the web version in good ol' WebApps (https://f-droid.org/en/packages/com.tobykurien.webapps, if there's ever another project you'd like to get into, please consider forking this and continuing its development, it's so damn useful 😅). Looks like it works pretty great.

Oops, I totally forgot about that nice little list in README.

• I've allowed ergast.com in WebApps and now Standings and Schedule work correctly
• Standings and Schedule didn't work in the Android app using the proxy, though. Stange.

Well, Cloudfront and esp. Cloudflare are pretty much the cancer of modern internet. Considering all instances of alternative frontends like Invidious tend to explicitly expose whether they're using Cloudflare, it would make sense to include info about it for Box, Box! as well.

[BrightDV]

I've tried to compare using the app vs. using the web version in good ol' WebApps (f-droid.org/en/packages/com.tobykurien.webapps, if there's ever another project you'd like to get into, please consider forking this and continuing its development, it's so damn useful 😅). Looks like it works pretty great.

Yeah, I used it in the past, it is very useful, but I switched to Native Alpha (more recent updates).

Oops, I totally forgot about that nice little list in README.
I've allowed ergast.com in WebApps and now Standings and Schedule work correctly
Standings and Schedule didn't work in the Android app using the proxy, though. Stange.

No problem. In the latest couple of days, there were a lot of 503 errors returned by Ergast because of the new season, but it should work again now (so probably not app related). There is a cache for these requests, and in case of error, the values stored are shown.

Well, Cloudfront and esp. Cloudflare are pretty much the cancer of modern internet. Considering all instances of alternative frontends like Invidious tend to explicitly expose whether they're using Cloudflare, it would make sense to include info about it for Box, Box! as well.

Yes, I will do that!

Also, the web version should be updated to 0.7.1 in the next couple of minutes! Completely broken...

[BrightDV]

Also, the web version should be updated to 0.7.1 in the next couple of minutes! Completely broken...

The issue was only present on desktop, and was concerning the renderer implementation (CanvasKit) and some scripts loading. I have replaced it with the HTML renderer only, so it should be finally available now!
Also, the build includes a bit more commits than the release (some bug fixes that will be very useful for web).

Finally, I found the source of the Cloudflare requests: the JS script of the PDF comes from a Cloudflare CDN. Would you know any alternative to Cloudflare CDNs for Ajax scripts?
Otherwise, if you don't read the race documents (in the race hub), you should be able to block the domain without problem.

[ltguillaume]

Thanks, looks great! I'll have a look at that, there should be more privacy friendly CDNs with those script.

I think I also saw that some fonts were downloaded from Google before, right? Doesn't seem to happen anymore 😃