Single Parenting is Hard: My spouse was out of town last weekend, and I had our two kids alone for three nights and three days. It was rough. I can't imagine doing it all the time. Keep Authentication Tokens in Memory: This is cheating a bit as I learned it over several weeks while building… Continue reading 2019-08-02 What I Learned This Week
Handling Authentication Tokens in Single Page Apps
There are broad scenarios in which a single page app (SPA) needs to handle authentication: The SPA is using an API custom built for the app itself -- the API being used is not public in any other way The SPA is using an API built for public consumption -- one with a full fledged…
Testing Custom League OAuth2 Client Providers
This week I had to create a custom league/oauth2-client provider to talk to a private OAuth 2 server (also courtesy of The PHP League). Most of this is pretty routine. Implement some getters that are used in a few template methods. Most of those getters are public and easy to test, but a few of…
2019-07-19 What I Learned This Week
I skipped this last week because I was on staycation, so cheating a bit here and doing two weeks. Attention to Detail and Perseverance: Two weeks ago I did a major home improvement project: replace a bunch of cedar shingles and had to repair some rotting board underneath. I do not consider myself handy, but…
2019-07-05 What I Learned
Multiple Content Security Policy Headers are Multiple Policies: They don't make a union of all the policies together. See this post on CSP for more. Google Tag Manager's Recommendations for Content Security Policy: They are not good. Using all of GTM means whitelisting data: URLs, 'unsafe-inline', and 'unsafe-eval' for script-src. Might as well not have…
Working with Multiple Content-Security-Policy Headers
Today I've been fighting with Content Security Policy (CSP). Servers may send multiple CSP headers, but there is a catch: "Adding additional policies can only further restrict the capabilities of the protected resource." I had wrongly assumed that I could pretty up my nginx configuration by splitting up the various *-src directives into separate add_header…
2019-06-28 What I Learned This Week
To Do This: I was listening to a podcast in which the interviewee talked about doing a weekly review of what I learned this week. Seemed like a legit idea, so here we are. I Missed Reading Fiction: It's not that I stopped reading it ever, but that I haven't felt really into a book…
Assertion Error Diffs with Karma, Mocha, and Chai
Making Multiple Instances Play Nice with Symfony’s Autowiring
Symfony's autowiring is one of the best things to come to the framework in the 3.X series. Without it we would all still be extending ContainerAware base classes and be using a service locator. But what if we need multiple instances of something in the container? The docs talk about dealing with multiple implementations of…
Improving Symfony ChoiceType Error Messages
The Symfony ChoiceType is a complex, interesting beast. By far my biggest complaint about it is the error messages shown to the user during validation are not great. Defaulting to, "This value is not valid," with no help for the user on what values are actually allowed. That's okay for plain HTML interfaces where the…