I'm making some progress on my micropub endpoint based on the https://go.hacdias.com/indielib library.

I can now use my endpoint for IndieAuth, and store posts on the filesystem, in the custom TOML page format I use. I'm having some trouble with the `micropub?q=config` route, and haven't started working on git sync or the media endpoint yet. One step at a time.

The main issue that's holding me back now, is that it's really hard to test if everything works as intended. I've been testing using Quill and Sparkles via my server now, but it's less than ideal to not be able to test it locally. Any advice would be appreciated 😅

Also, https://micropub.rocks doesn't work for me at all, because it doesn't use PCKE apparently.

But the clients are way easier than how I was updating my site until now, so I have enough motivation to keep at it!

#micropub #IndieAuth #indieweb

Fixed: IndieAuth login broken for third-party apps

After adding security headers (Content-Security-Policy) to harden the site, logging in with IndiePass and other IndieAuth clients silently failed — tapping “authorize” did nothing.

The culprit was form-action ‘self’ in the CSP, which blocked Browsers from following the consent form’s redirect to the client’s callback URL (e.g., indiepass.app/android-callback).

Changed to form-action ‘self’ https: to allow IndieAuth redirects to any HTTPS callback. Affects all third-party IndieAuth clients (Micropub editors, Microsub readers, etc.), not just IndiePass.

🔗 https://rmendes.net/notes/2026/02/22/a202f

Building an IndieAuth Comment System for Your Static Site | 🔗 https://brennan.day/building-an-indieauth-comment-system-for-your-static-site/

#indieweb #eleventy #netlify #javascript #indieauth #tutorial