This on Hacker News today: CSRF, CORS, and HTTP Security headers Demystified.
I just wanted to get something that I’ve thought for many years on record, because I don’t think I’ve ever had the chance to discuss it much before, but I believe JSON web services (“REST APIs”) and web applications should deal only in two HTTP verbs, being: GET and POST. You use GET for queries and you use POST for submissions. All POST operations go through business logic for particular services and CRUDing URLs is a supremely bad idea, in my opinion. Just wanted to get that on record. Thanks. P.S. For web applications you should 3xx on success, not 2xx on success; what you do for JSON web services is up to you, but for those 2xx is probably fine.
A fun read: Falsehoods Programmers Believe about REST APIs.
This popped up on r/programming today: HTTP(S) Benchmark Tools.
To disable the HTTP Referrer (Referer) header in Firefox, open about:config and set network.http.sendRefererHeader to zero.
2017-12-09 jj5 – TODO: document this on my blog…
On Debian GNU/Linux 9.1 (stretch) when I try to open an *.desktop (application/x-desktop) link in a browser I get:
A folder named ~/.cache/kioexec/krun/13821_0/ already exists.
A folder named kioexec krun already exists
turned up diddly squat.
I solved the issue (for me) by changing:
System Settings -> Personalization -> Applications -> Default Applications -> Web Browser
Open http and https URLs in an application based on the contents of the URL
Open http and https URLs in the following browser: firefox
<Location /jira>
  RequestHeader unset Authorization
  ProxyPreserveHost On
  ProxyPass http://jiraserver/jira
  ProxyPassReverse http://jiraserver/jira
</Location>
Over here. Wanted to keep a note of those settings.
Found this article which said:
Open about:config and disable browser.urlbar.trimURLs. Easy peasy!