First find the reference for the entry you want through looking at the stash: $ git stash list stash@{0}: WIP...
To avoid multiple versions of a package, you can manually maintain a resolutions section in your package.json. We recommend you...
Ruby lets you re-use existing RegExp objects by interpolating it into new patterns: locales_pattern = /de|en|fr|es/i...
Our development process makes us deploy very often. As the number of releases grows, junk clogs up the hard drive...
Ubuntu 18.04 uses systemd to manage services. There are basically two commands for listing all services and manipulating the state...
Given you have a strict CSP that only allows elements from your own domain: Content-Security-Policy: script-src 'self' This will block JavaScript handlers inlined as attribute into your HTML elements. Clicking on the following link will only log an error with a strict CSP: click me click me Solution 1: Move the handler into your JavaScript The recommended solution is to move the handler from the HTML to the allowed JavaScript file that we loaded via . In the example above we could invent a new [data-alert] attribute with the alert message: click me Then our JavaScript intercepts clicks on elements with that attribute: document.addEventListener('click', function(event) { let link = event.target.closest('[data-alert]') if (link) { let message = link.dataset.alert alert(message) event.preventDefault() } }) Solution 2: Allow that one handler in your CSP Some browsers allow the CSP directive script-src-attr. This lets you allow the hashes of actual JavaScript code. The SHA256 hash of alert('hello') is vIsp2avtxDy0157AryO+jEJVpLdmka7PI7o7C4q5ABE= (in Base64). We can allow this one event handlers like this: Content-Security-Policy: script-src 'self'; script-src-attr 'unsafe-hashes' 'sha256-vIsp2avtxDy0157AryO+jEJVpLdmka7PI7o7C4q5ABE=' Note the sha256- prefix. This event handler now works when clicked: click me But any other script will still be blocked: click me Dealing with legacy browsers Currently (November 2023) about 75% of browsers support script-src-attr. Here is a forward-looking compromise that many users use with new CSP features: Have a liberal CSP with old directives supported by all browsers Make your CSP stricter with new, more specific directives for browsers that support it The CSP spec supports that approach in that using newer, more specific directives disable older, more general features. In our case this means: For old browsers, allow all inline scripts For new browsers, disallow inline scripts but allow inline handlers with given hashes Here is a CSP directive that works like this: Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'unsafe-hashes' 'sha256-vIsp2avtxDy0157AryO+jEJVpLdmka7PI7o7C4q5ABE=' Old browsers will only use script-src. New browsers will use script-src-elem (for tags) and script-src-attr (for inline event handlers), which override the more liberal rules from script-src.
...Powerless but nothing was raised No power to ['creatable_cards'] The reason for this behavior is that the Capybara test server is running in another thread, and the RSpec thread...
We use the whenever gem to automatically update the crontab of the servers we deploy to. By default, whenever will...
On Chrome, Firefox and modern Safari, document.scrollingElement will return the element. The behavior varies on legacy browsers that we no longer support: Old Safari versions, document.scrollingElement will return...
Sometimes you might need to nest a git-project inside another git-project. The right strategy is to use submodules...
Short reference on how to quickly debug the vanilla Rails job adapters. Queue Adapters by Environment Environment Adapter
You can use git worktree to manage multiple working trees attached to the same repository. But why should I use...
...line-height is font-size relative, but the problem is that font-size: 100px behaves differently across font-families, so is line-height always the same or different? Is it...
Capybara has a variety of finder methods like find_button to help you look up DOM elements. There are also...
...other methods within the Method class are useful for advanced metaprogramming, though this is beyond the scope of this card. Also see Ruby: Finding where a method is defined
...you can use a special form options helper called #collection_check_boxes. It behaves similar to #collection_select, but instead of a single select field it renders a checkbox and...
We often have a separate production branch that lags a bit behind the more cutting edge main branch. Sometimes you want to move some, but not all commits from main...
In esbuild, you usually import other files using relative paths: import './some-related-module' import `../../utils/some-utility-module` import `../../../css/some-css.sass` This is totally fine...
When storing floating-point numbers such as prices or totals in an SQL database, always use a DECIMAL column. Never...
Using git fixup helps you to speed up appending changes further back in the git history of your feature branch...
...only because your step definition requires that. Here's a typical step definitions that benefits from using find_by_anything: When /^I sign in as "([^\"]+)")$/ do |identifier| user = User.find_by...
The attached compiler() function below applies JavaScript behavior to matching HTML elements as they enter the DOM. This works like an Unpoly compiler for apps that don't use Unpoly...
If you have a fully functional CI pipeline but no CD, you might find yourself frequently waiting for CI (with...
...you will sign out your current user whenever you switch to another app. A better way is to use our own daho.im service. All daho.im subdomains resolve to your local...