
Turn ZEIT into a Spectrum proxy


While browsing ZEIT for aesthetic pleasure from their minimalist web design, I stumbled across the “Community Chat” page, which displays the live member count of their community on Spectrum.

After some analysis, I noticed that the ZEIT API endpoint https://zeit.co/api/v1/chat, which this page uses for data fetching, is actually a proxy to Spectrum’s own GraphQL endpoint https://spectrum.chat/api.


Simply proxying the endpoint from Spectrum is convenient and could reduce the development cost at ZEIT. However, it makes ZEIT prone to resource abuse.

Also, I doubt this is the intended behavior for /api/v1/chat. It should not be allowed to query anything from Spectrum.


Since ZEIT’s chat endpoint is just a proxy, let’s use it to look for Haskell communities on Spectrum.

Server Request

HTTP POST /api/v1/chat
Host: zeit.co

query=query ($type: SearchType!) {
  search(queryString: "Haskell", type: $type) {
    searchResultsConnection {
      edges {
        node {
          ... on Thread {
            community { name description }
            content { title }
          }
        }
      }
    }
  }
}

{ "type": "THREADS" }

Server Response

{
  "data": {
    "search": {
      "searchResultsConnection": {
        "edges": [{
          "node": {
            "community": {
              "name": "haskell",
              "description": "A place to talk about Haskell"
            },
            "content": {
              "title": "What are some good open source Haskell projects, a beginner can start contributing to?"
            }
          }
        }]
      }
    }
  }
}

As we can see, this arbitrary GraphQL query is served through ZEIT’s API endpoint, even though the data has little to do with ZEIT.
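
One way a proxy like this can be restricted to its intended use, shown as an added example that is not ZEIT's code or part of the original write-up: forward a request upstream only when the query matches a server-side allowlist. The member-count query text, buildUpstreamRequest and the other names are assumptions made for illustration.

```javascript
// Added example: hypothetical proxy-side check, not ZEIT's or Spectrum's code.

// Constructed placeholder for the single query the chat page needs.
// The field names are assumptions, not taken from Spectrum's schema.
const MEMBER_COUNT_QUERY = `
  query {
    community(slug: "zeit") {
      metaData { members }
    }
  }`;

// Collapse whitespace so formatting differences do not matter.
const normalize = (q) => q.replace(/\s+/g, " ").trim();

// Allowlist of complete documents the proxy is willing to forward.
const ALLOWED_QUERIES = new Set([normalize(MEMBER_COUNT_QUERY)]);

// Decide what, if anything, is forwarded upstream for a parsed request body.
function buildUpstreamRequest(body) {
  if (body === null || typeof body !== "object" || typeof body.query !== "string") {
    return { ok: false, status: 400, error: "malformed request" };
  }
  const query = normalize(body.query);
  if (!ALLOWED_QUERIES.has(query)) {
    // Anything the page itself does not need never reaches the upstream API.
    return { ok: false, status: 403, error: "query not allowed" };
  }
  // Allowed documents take no variables, so client-supplied ones are dropped.
  return { ok: true, upstream: { query, variables: {} } };
}

// The search query from this write-up, shortened (constructed sample input).
const SEARCH_QUERY = `query ($type: SearchType!) {
  search(queryString: "Haskell", type: $type) {
    searchResultsConnection { edges { node { ... on Thread {
      community { name } content { title } } } } }
  }
}`;

// First call is rejected with 403, second is accepted for forwarding.
console.log(buildUpstreamRequest({ query: SEARCH_QUERY, variables: { type: "THREADS" } }));
console.log(buildUpstreamRequest({ query: MEMBER_COUNT_QUERY }));
```
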


2019-01-10: Report Submitted

2019-01-19: Bug Patched by ZEIT

2019-01-19: Recruiting by ZEIT