Jun 16, 2024 | » | Database Layer
4 min; updated Jun 16, 2024
Currently using MongoDB’s free tier, which has shared RAM, and up to 5GB of storage. So far, the overall DB usage has been less than 5MB. Query Injection Current State of Affairs Currently have this protection implemented back in 2018: /** * @description Prevent a NoSQL Injection in the search parameters. This is * achieved by deleting all query values that begin with `$`. */ export function sanitizeQuery(query: any) { const keys = Object....
Jun 9, 2024 | » | Continuous Integration Tooling
4 min; updated Jun 9, 2024
What automatic tools can I add to keep code quality high? CodeQL CodeQL is a tool that runs variant analysis on code. The idea is that we create a query from a known vulnerability, e.g., SQL injection, and then run it against a codebase to find instances of that vulnerability. GitHub authorizes the use of CodeQL for public repos, and so we are covered. ql-analysis.sh has a recipe for running the analysis locally in the repo....
Apr 19, 2024 | » | Client/Server Interface
8 min; updated Apr 19, 2024
How to handle redirects without setting window.location.href? Right now, there’s a pattern of doing: sendHTTPRequest("POST", "/login/", {}) .then((_) => { window.location.href = "/"; }) .catch((err) => { console.error(err); }); Isn’t this something that the server can do? In response, why not issue a redirect? Screenshot of the redirect chain from /login. The POST request gets a 303 (See Other) redirect to /home. The browser then makes a GET request to /home, which results in a 304 (Not Modified)....