There are broad scenarios in which a single page app (SPA) needs to handle authentication: The SPA is using an API custom built for the app itself -- the API being used is not public in any other way The SPA is using an API built for public consumption -- one with a full fledged… Continue reading Handling Authentication Tokens in Single Page Apps
This week I had to create a custom league/oauth2-client provider to talk to an private OAuth 2 server (also courtesy of The PHP League). Most of this is pretty routine. Implement some getters that are used in a few template methods. Most of those getters are public and easy to test, but a few of… Continue reading Testing Custom League OAuth2 Client Providers
I skipped this last week because I was on staycation, so cheating a bit here and doing two weeks. Attention to Detail and Perseverence Two weeks ago I did a major home improvement project: replace a bunch of cedar shingles and had to repair some rotting board underneath. I do not consider myself handy, but… Continue reading 2019-07-19 What I Learned This Week
Multiple Content Security Policy Headers are Multiple Policies They don't make a union of all the policies together. See this post on CSP for more. Google Tag Managers Recommendations for Content Security Policy They are not good. Using all of GTM means whitelisting data: URLs, 'unsafe-line', and 'unsafe-eval' for script-src. Might as well not have… Continue reading 2019-07-05 What I Learned
Today I've been fighting with Content Security Policy (CSP). Servers may send multiple CSP headers, but there is a catch: Adding additional policies can only further restrict the capabilities of the protected resource I had wrongly assumed that I could pretty up my nginx configuration by splitting up the various *-src directives into separate add_header… Continue reading Working with Multiple Content-Security-Policy Headers
To Do This I was listening to a podcast in which the interviewee talked about doing a weekly review of what I learned this week. Seemed like a legit idea, so here we are. I Missed Reading Fiction It's not that I stopped reading it ever, but that I haven't felt really into a book… Continue reading 2019-06-28 What I Learned This Week
I've been frustrated the lack of diffs in Karma with Mocha and Chai as the test and assertion backends. Turns out support for better diffs has been around for years. It just requires that a configuration option be set. The result is wonderful diffs that show's exactly what's missing or different.
