When you load a `<script>` with a nonce, that script can `await import()` additional modules from any origin. The nonce is propagated automatically for the one purpose of importing more scripts. This is not related to `'strict-dynamic'`, which propagates trust to any script a trusted script loads programmatically (e.g. by inserting `<script>` elements), not just to imports.

## Example

We have a restrictive CSP that only allows nonces:

```
Content-Security-Policy: default-src 'none'; script-src 'nonce-secret123'
```

Our HTML loads `script.js` using that nonce (the script must be a module, since it uses top-level `await`):

```html
<script type="module" nonce="secret123" src="script.js"></script>
```

Our `script.js` imports `other.js` without a nonce (the specifier needs the leading `./`; a bare `other.js` fails to resolve):

```js
let other = await import('./other.js')
console.log("Look, script.js has imported %o", other)
```

The import succeeds without a nonce, due to implicit nonce propagation.

## Why this is useful

In modern build pipelines, code splitting (chunking) is implemented using dynamic imports. Nonce propagation allows us to use automatic chunking with restrictive, nonce-based CSPs without using `'strict-dynamic'`.

E.g. esbuild automatically groups dynamically imported modules into chunks and writes each chunk to disk. The compiled build then contains an `await import('assets/chunk-NAXSMFJV.js')`. There is no way to inject a nonce into that `import()`, but implicit nonce propagation still allows the request.

## Should I worry about this?

It would require some truly strange code for user input to make it into an `import()` argument. I wouldn't lose sleep over this. The one thing to keep in mind: because the nonce is inherited by every dynamic import, an `import()` whose specifier is built from untrusted input (a route parameter, a query string) is a script-injection sink that a nonce-based policy will not block, so treat `import()` arguments as code, not data.

## Is this a browser bug?

It is by design. Here are some sources:

- HTML Spec Section 8 (Web Application APIs) (search for "descendant script fetch options")
- Chromium test ensuring nonce propagation
- Firefox bug implementing nonce propagation
- CSP issue: Someone concerned about propagation being a vulnerability
- CSP issue: Proposal for `import-src` that went nowhere

## Are other CSP sources also propagated?

No, only nonces. In particular, host-based CSPs do not propagate trust.

For example, we only allow scripts from our own host (no nonces):

```
Content-Security-Policy: default-src 'none'; script-src 'self'
```

Our HTML loads `script.js` from our own host:

```html
<script type="module" src="script.js"></script>
```

Our `script.js` imports `other.js` from a different host:

```js
let other = await import('https://other-host.com/other.js')
```

This fails with a CSP violation:

```
Executing inline script violates the following Content Security Policy directive 'script-src 'self''
```