Hacker News | aperezalbela's comments

"Trying something?"


;)


Passing username and password as HTTP Headers doesn't seem like a good idea


I'm curious about what makes it a bad idea. What is the difference between sending it as a header compared to sending it as form data? If someone has access to headers, they probably also have access to the body.


Yeah you're right, that's definitely not the most secure. Do you know of a more secure alternative I could try instead?


I'd suggest using forms.Form for a LoginForm containing e.g.

username = forms.CharField(max_length=150)
password = forms.CharField(widget=forms.PasswordInput)

and then a view to instantiate form with request.POST (if request.POST) like:

form = LoginForm(request.POST)

and then if form.is_valid() you can clean data using

username = form.cleaned_data['username']

and the same for password.

Then:

user = authenticate(request, username=username, password=password)

and then check if user is not None then login(request, user)

Note that login and authenticate come from

from django.contrib.auth import authenticate, login

Hope that helps.


Thank you, Django Forms do look promising. I’ll definitely look into more secure alternatives to the current implementation.


...how is that more secure?


Hackers also use banks. Are they supposed to hack them as well?


> Hackers also use banks

Modifying CSS on my machine for my viewing isn’t comparable to hacking a bank.


I'm not comparing on those terms. I'm comparing on "being supposed" to do something. We may have the ability, but that doesn't mean that we will do everything we have the ability for.


[flagged]


You may. But you are not supposed to.


Like https://darkreader.org/ that costs?


Or tampermonkey and 2 minutes of writing CSS overrides. What, you people are hackers, aren't you?


...which only works in some browsers.


Solution: use a browser that respects client-side overrides. You should be doing this anyways, if you want a usable adblock browsing experience. People that use Safari or flip-phone browsers don't reserve the right to complain about the web being unusable.

To quote Thom Yorke, "You do it to yourself, you do; and that's why it really hurts"


So writing CSS overrides for every site I consume sounds healthy and fair to you?


It's easier than you'd think.

In many cases, you can probably get by with your browser's default Reader Mode.

I'll use uBlock Origin's element zapper on a whole heck of a lot of sites, and you can write default rules for common annoyances as well.

If you get fancy, you can write generalised styles which address specific annoyances, and toggle those on or off on specific websites.

Otherwise, I'd found I'd written a thousand or so custom styles over a couple of years at one point. Most were quite elementary (usually font tweaks or removing headers / social link-litter). A few ... somewhat less elementary. Taught myself a lot about CSS in the process.


I don't think they meant that it would be needed to make new overrides for every site typically. Dark Reader extension works fine with 99% of sites out of the box and is free.


Caring about the background color of a website is unhealthy and unfair. You have the client-side tools to fix it, so do it.


No, just the ones you really care about.


You're right. Someone should do it for you, for free. /s


Dark Reader is free and open source software, always has been. That price on the main page is just for a voluntary donation if you so desire.

The free download buttons are in the middle of the page. There are also multiple links to the source code at the bottom.


Not true. You must install from the App Store and it charges you.


You seem to be referring to the iOS/Mac App Store thing specifically, which is NOT what 99% of people use. That is a separate whole browser with the extension pre-installed and completely unnecessary.

Just use the links in the middle of the page and it will install it for free like every other normal browser extension people use all the time.

https://addons.mozilla.org/en-US/firefox/addon/darkreader/

The Firefox extension alone has 1 million installs just from this page, we all installed it for free and have been using it for years. I think asserting that there are only paid options is disingenuous to say the least.


It would be really appreciated for you guys to consider adding a dark theme for HackerNews.

The reasons, well, could be added as comments here in the thread. Though, as you may imagine, it's mostly because of my eyes when I visit you guys without daylight.


Have people complaining of eyestrain from "light mode" considered checking their display brightness? Displays should match the brightness of their backgrounds, or in general somewhere around 100–150 cd/m² (aka 100–150 nits). Most monitors are capable of going much brighter than this, and really should not be used that way, because it tends to... cause eyestrain.


I have brightness on high since every other application and website I use has a dark mode and I get blinded when switching to Hacker News.


Effective luminosity isn't just a function of how much light the device can output at a given setting but also how much light is being blocked or is otherwise not emitted by the image being displayed. By making the background dark and the relatively sparse text light, you can lower overall light output while preserving more of the contrast.

And low contrast can also cause eye strain.


I find light mode painful even on minimum brightness.

