CSRF, CORS, and HTTP Security headers Demystified

Posted on 2021-04-30 [Friday] by jj5

This on Hacker News today: CSRF, CORS, and HTTP Security headers Demystified.

The above article referred to OWASP SameSite doco, and you can read about how to implement that with PHP.

“REST” interfaces

Posted on 2021-02-27 [Saturday] by jj5

I just wanted to get something that I’ve thought for many years on record, because I don’t think I’ve ever had the chance to discuss it much before, but I believe JSON web services (“REST APIs”) and web applications should deal only in two HTTP verbs, being: GET and POST. You use GET for queries and you use POST for submissions. All POST operations go through business logic for particular services and CRUDing URLs is a supremely bad idea, in my opinion. Just wanted to get that on record. Thanks. p.s for web applications you should 3xx on success, not 2xx on success; what you do for JSON web services is up to you, but for those 2xx is probably fine.

Falsehoods Programmers Believe about REST APIs

Posted on 2021-01-13 [Wednesday] by jj5

A fun read: Falsehoods Programmers Believe about REST APIs.

Retry-After

Posted on 2020-12-16 [Wednesday] by jj5

Today I learned about the Retry-After HTTP header. It was mentioned over here.

HTTP(S) Benchmark Tools

Posted on 2020-12-10 [Thursday] by jj5

This popped up on r/programming today: HTTP(S) Benchmark Tools.

network.http.sendRefererHeader

Posted on 2020-08-01 [Saturday] by jj5

To disable the HTTP Referrer (Referer) header in Firefox open about:config and set network.http.sendRefererHeader to zero.

A folder named ~/.cache/kioexec/krun/13821_0/ already exists

Posted on 2018-12-14 [Friday] by jj5

2017-12-09 jj5 – TODO: document this on my blog…

On Debian GNU/Linux 9.1 (stretch) when I try to open an *.desktop (application/x-desktop) link in a browser I get:

A folder named ~/.cache/kioexec/krun/13821_0/ already exists.

Searching for:

A folder named kioexec krun already exists

turned up diddly squat.

I solved the issue (for me) by changing:

System Settings -> Personalization -> Applications -> Default Application s-> Web Browser

from:

Open http and https URLs in an application based on the contents of the URL

to:

Open http and https URLs in the following browser: firefox

If Apache2 won’t serve your JavaScript file try…

Posted on 2017-11-25 [Saturday] by jj5

I had an issue with Apache2 improperly serving a JavaScript file which I seem to have fixed by making sure the file was terminated with a new-line character… this was really hard to diagnose and resolve! The behaviour in Firefox was that the file just didn’t finish to download, whereas the Apache2 logs indicated a 200 result… I think it may have had something to do with automatic compression, which is a dark art that I do not understand (mumbles something about mod deflate…).

Apache HTTP Proxy Header Manipulation

Posted on 2016-07-10 [Sunday] by jj5

Found this:

<Location /jira>
  RequestHeader unset Authorization
  ProxyPreserveHost On
  ProxyPass http://jiraserver/jira
  ProxyPassReverse http://jiraserver/jira
</Location>

Over here. Wanted to keep a note of those settings.

Enable/Show “http://” and “https://” URL Prefix in Firefox Location Bar

Posted on 2014-09-25 [Thursday] by jj5

Found this article which said:

Open about:config and disable browser.urlbar.trimURLs. Easy peasy!

ProgClub

…because every programmer needs a good club!

Tag Archives: http