Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
THE FUCK WHY did the company which made the website I'm maintaining now ADD CUSTOM FACEBOOK LIKES AND TWITTER FOLLOWER WIDGETS - IN A SUBDIRECTORY OF THE THEME?
Guess what, you motherfuckers: One year after you made that damn page the Facebook API changed and your stinking widget is broken REQUIRING ME TO REWRITE MOST OF IT!
Also WHO THE FUCK LEFT HIS BRAIN ON HIS BEDSIDE TABLE the day he decided to HARDCODE ASSETS WITH AN http:// (no tls) URL? YES, browsers will block that shift if the website itself is delivered over tls, because it's a GAPING SECURITY HOLE!
People who sells websites that have user management and thus request authentication without AT LEAST OFFERING FUCKING STANDARD TLS SHOUD BE TARRED AND FEATHERED AND THEN PUT IN A PILLORY IN FRONT OF @ALEXDELARGE'S HOUSE!
Maybe I should be a bit more thankful - I mean I get payed to fix their incompetence. But what kind of doctor is thankful for the broken bones of his patient?9 -
Doing a full rewrite from some DIY spaghetti framework: when it can't find a search query it returns "false" with the status code 200, the same php file responsible for querying an external api is put into all sorts of named folders, so e.g. a user that is in the results page X can continue searching on the same URL, instead of doing proper url rewrites or ajax calls to the one in the root directory, html is thrown into every other php line, a DIY sort function for a numbers array that fails to sort 0 before 1 and that all is just a 10 minute review, can't wait to see the rest.2
-
Why am I sad, depressed, demotivated, you ask?
Because I was asked to create-react-app with nodemailer, it worked well on heroku, YAYYY MEE, "
"NOTHING GOES WRONG IN DEPLOYMENT FUCK YEAH"
Little did I know that was a "demo" for the business people, My superior / manager/boss wants me to deploy on 1and1 service provider,
> Okay 1 and 1 service provider does provide Nodej, so it shouldn't be hard.
> Turns out it is a Windows hosting server IIS 10 without URL Rewrite.
> *INTERNAL SCREAMING*
I went up to him to talk about this issue and requested to let me talk to 1 and 1, and get this sorted
> But bro, if we cannot fix it, I think they also cannot fix, probably.
*INTERNAL SCREAMING AT PEAK*
I just want URL Rewrite installed on IIS10 so that I can move on to the next project.
A little background for this project
> No support from him during development.
> I personally used HD Images, because why not?
> Website seems slow because of HD Images, and now he complains about it.
You fucking (managers) want a website to be scalable and fast and yet you choose to focus on B U S I N E S S instead of support the real guy.
I'm fucking sick and tired, it took me 24 hours figure out the issue because there is nothing on 1 and 1 support/ forum/help center.
Another 24 hours to try and fix, yet no luck.
I'm gonna finally point the domain name to heroku. Fuck, I'm so fucking done6 -
This makes me laugh a lot. I changed my online ledger app to use a unicode character in the URL, which I should probably just use a rewrite rule to accomplish, but for now just to see if it works I tried it out. After confirming that it does, I commited it.
-
!!rant
Just spent a week creating a distributed api architecture which I found out won't work due to a singular issue which can't be solved - not unless I hack stuff to a degree where I might as well write my own frameworks.
I've been aiming the user application's requests towards my wsgi, which based on a custom header will proxy it towards the correct api. Each customer base has their own api and dataset, but they all visit the same address.
I've handled CORS manually, just picking up when there's an options request, asserting the origin, then returning the correct headers. Cool everyone's happy. Turns out, socket.io includes session id and handshake info as part of their options preflight, which I can't pair with my api header (or cookie, for that matter) which means my wsgi doesn't know where to send it. You get a 400! You get a 400! You get a 401! </oprah>
So my option is to either roll my own sockets engine or just assign each api to a subdomain or give it some url prefix or something. Subdomains are probably pretty clean and tidy, but that doesn't change having to rewrite a bunch of stuff and the hours I spent staring at empty headers in options preflights.
At least this discussion saved me some time in trying to make it work. One of my bad habits is getting in those grooves of "but surely... what the hell, surely there's a way. There has to be"
https://github.com/socketio/... -
I need some clarity with the situation below.
I have my API ready.
Let's say I have a route /reset/token,
I want to be able to serve a html file with css and all that once I've processed the token internally.
I've not worked with the whole stack before so I've never really served files based on conditions i.e if the token is valid serve x else serve y.html
Also, I'm pretty sure node.js isn't the best for serving files.
So I'm taking another approach with nginx which is to implement /reset/token to serve the static file with it's coupled js file to query the API. Seems standard to me but I have this feeling that a prefilled html would be more secure than one with exposed js.
Is this the right way? Should I worry about my API calls being exposed via the js fil ? Is obfuscation the only way to handle this ? Is this the way everyone does it cause somehow I don't see the key js files in most sites. How are they hidden if so? Or are they?
I'm confused and also nginx won't let me rewrite /reset/token to something else without changing the browser url field. How do I prevent that ?1
Top Tags
Weekly Rant
View