Web Development
Pinned: How to get an answer to your question (Chris Maunder, cofounder, 4-Sep-10 2:25)
Pinned: HOW TO ANSWER A QUESTION (Chris Maunder, cofounder, 12-Jul-09 22:40)

Question: What is generally the current best method for storing uploaded documents? (we5inelgr, 6-Mar-24 15:06)
Answer: Re: What is generally the current best method for storing uploaded documents? (Bohdan Stupak, professional, 7-Mar-24 5:45)
General: Re: What is generally the current best method for storing uploaded documents? (we5inelgr, 7-Mar-24 9:05)
General: Re: What is generally the current best method for storing uploaded documents? (jschell, 8-Mar-24 11:40)
Answer: Re: What is generally the current best method for storing uploaded documents? (jschell, 8-Mar-24 11:47)
Answer: Re: What is generally the current best method for storing uploaded documents? (Andre Oosthuizen, mve, 9-Mar-24 0:47)

Question: Looking for a working working sample google maps on blazor web app with loading markers from database (urx1941, 24-Jan-24 23:19)
Answer: Re: Looking for a working working sample google maps on blazor web app with loading markers from database (jschell, 25-Jan-24 4:36)
General: Re: Looking for a working working sample google maps on blazor web app with loading markers from database (michael floeter, 25-Jan-24 21:29)
General: Re: Looking for a working working sample google maps on blazor web app with loading markers from database (jschell, 30-Jan-24 4:51)

Question: Setting a CORS header, and allowing my Javascript modules that are inlined (jkirkerx, professional, 24-Jan-24 10:30)
Answer: Cleaned up my dart board, and got the modules error cleared at least, this will take time, not easy (jkirkerx, professional, 24-Jan-24 11:26)
General: Re: The problem is somewhere else (jkirkerx, professional, 24-Jan-24 13:06)
Answer: Re: Solved, that was a can of worms to sort out (jkirkerx, professional, 25-Jan-24 12:13)
I ended up with this, a compromise between using a hammer to nail it through with no more console errors, and fixing several security issues for the better. By hammering it, I can get the app running for the owner to evaluate and test, and then consider more security fixes and upgrades.

Font-Awesome or the FortAwesome free version
I removed all the Font-Awesome errors by removing the all.min.js JavaScript file from the header elements. Turns out I don't need that JavaScript, and what it does is this: instead of using the fonts from Node_Modules, it fetches the latest version of the fonts and other stuff to replace what Node_Modules has, and does things like monitoring the use of the product, and causes licensing issues where it's no longer the free version. Well, the files it fetched were the free version files at least, so I got something right that I tossed in the trash.

Diagnostics
I used Mozilla FireFox at first, but it gave me generic information back that never changed. I assume the headers I was inspecting were for public consumption. I ended up having to use Chrome in Developer mode to see the real headers being returned in the response of the web page loading.

ECMA Script Modules
I used this to solve that issue in CSP: the use of a nonce, declaring a master module that references child modules on a web page.
<?php $nonce = base64_encode(random_bytes(16)); ?>
<script type="module" src="/assets/scripts/core/core.module.js" nonce="<?php echo $nonce; ?>"></script>

Inline scripts
I used this in the CSP rule below to allow script within an element calling onclick or onchange:
script-src-elem 'self' 'unsafe-inline' 'unsafe-hashes';
onclick="core.setProjectType('<?php echo $apiUri; ?>', 'landscape')"
SVG like spinners and things you embed on the web page
img-src 'self' data: w3.org/svg/2000;

Warning
This is not my best work, and not completed yet, but gets the project back up and running so I can finish it and be done with it. This work does leave me with a little more work to beef up the security some more, but on my terms and not the web server or browsers terms.

If you're clueless about this subject, then you can use this as a reference to model something for yourself. Remember I'm not an expert on this subject, but I do understand the point. And I spent many hours doing research and reading, plus testing. It doesn't matter that this is PHP, because the principles are the same with most web technologies.

My Work
Cache Rules
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0");
header("Pragma: no-cache");

X-Stuff Rules
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
header("X-Content-Type-Options: nosniff");
header("X-Frame-Options: DENY");
header("X-XSS-Protection: 1; mode=block");
header('Referrer-Policy: same-origin');

CORS Rules
header("Access-Control-Allow-Origin: https://yourDomain.com");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type");
header("Access-Control-Max-Age: 86400"); // 1 day
header("Access-Control-Expose-Headers: *");

CSP Rules
$nonce = base64_encode(random_bytes(16));
header("Content-Security-Policy: default-src 'self'; script-src 'self'; script-src-elem 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: w3.org/svg/2000; object-src data: 'unsafe-eval';");
If it ain't broke don't fix it
Discover my world at jkirkerx.com
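As an added example (not code from the post above or from jkirkerx's project), the following PHP places the CSP the post settles on beside a nonce-based policy that drops 'unsafe-inline' and 'unsafe-hashes' for scripts and refuses inline event-handler attributes. The module path /assets/scripts/core/core.module.js is taken from the post; the core.setProjectType() function inside that module and the $apiUri value are assumptions, and the data-* attribute approach for replacing onclick="..." is one common way to satisfy such a policy, not something the post describes.

```php
<?php
// Added example, not code from the original post. Shows the post's CSP beside a
// nonce-based policy that no longer needs 'unsafe-inline' or 'unsafe-hashes'
// for scripts. Assumed: the module path from the post, a hypothetical
// core.setProjectType() inside that module, and a constructed $apiUri value.
declare(strict_types=1);

// One nonce per response, generated before any output and reused for the
// header and every <script> tag that is meant to run.
function csp_nonce(): string
{
    static $nonce = null;
    if ($nonce === null) {
        $nonce = base64_encode(random_bytes(16));
    }
    return $nonce;
}

// The policy from the post. 'unsafe-inline' on script-src-elem/script-src-attr
// is what makes onclick="..." attributes work, but it also lets any inline
// script that reaches the page run, so the nonce on the module tag buys nothing.
function csp_from_post(): string
{
    return "default-src 'self'; script-src 'self'; "
         . "script-src-elem 'self' 'unsafe-inline' 'unsafe-hashes'; "
         . "script-src-attr 'self' 'unsafe-inline'; "
         . "style-src 'self' 'unsafe-inline'; "
         . "img-src 'self' data: w3.org/svg/2000; "
         . "object-src data: 'unsafe-eval';";
}

// Tighter policy: only script elements carrying this response's nonce run,
// inline event-handler attributes are refused outright, and plugins are off.
function csp_nonce_based(string $nonce): string
{
    return "default-src 'self'; "
         . "script-src 'self' 'nonce-{$nonce}'; "
         . "script-src-attr 'none'; "
         . "style-src 'self' 'unsafe-inline'; "
         . "img-src 'self' data:; "
         . "object-src 'none';";
}

// Renders a module tag whose nonce matches the header. Attribute values are
// escaped so a bad path or nonce cannot break out of the attribute.
function module_script(string $src, string $nonce): string
{
    return sprintf(
        '<script type="module" src="%s" nonce="%s"></script>',
        htmlspecialchars($src, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($nonce, ENT_QUOTES, 'UTF-8')
    );
}

$nonce  = csp_nonce();
$apiUri = '/api/v1'; // constructed placeholder for the post's $apiUri

// Headers must go out before any output; the tighter policy is sent here.
header('Content-Security-Policy: ' . csp_nonce_based($nonce));
header('X-Content-Type-Options: nosniff');
header('Referrer-Policy: same-origin');
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<?= module_script('/assets/scripts/core/core.module.js', $nonce) ?>
</head>
<body>
<!--
  With script-src-attr 'none' the onclick="core.setProjectType(...)" attribute
  from the post is blocked. The same values go into data-* attributes, and the
  nonced module attaches the handler itself, e.g. (inside core.module.js):

    document.querySelectorAll('[data-project-type]').forEach((el) =>
      el.addEventListener('click', () =>
        core.setProjectType(el.dataset.apiUri, el.dataset.projectType)));
-->
<button type="button"
        data-api-uri="<?= htmlspecialchars($apiUri, ENT_QUOTES, 'UTF-8') ?>"
        data-project-type="landscape">Landscape</button>
</body>
</html>
```

The point of keeping csp_from_post() next to csp_nonce_based() is to make the trade visible: the first allows the inline onclick handlers but also any other inline script, while the second only runs script elements that carry the per-response nonce, which is why the nonce has to be created once before any output and reused in both the header and the tag. Moving the onclick data into data-* attributes is the piece of work that lets script-src-attr be set to 'none'.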

Question: JS Arrow functions this & setTimeout scope (Member 16183444, 16-Jan-24 1:46)
Answer: Re: JS Arrow functions this & setTimeout scope (Jeremy Falcon, professional, 25-Jan-24 4:31)

Question: WordPress for Windows (Richard Andrew x64, professional, 7-Jan-24 4:24)
Answer: Re: WordPress for Windows (jschell, 8-Jan-24 5:52)
General: Re: WordPress for Windows (Richard Andrew x64, professional, 8-Jan-24 13:49)

Question: how PHP works (mike7411, 26-Dec-23 10:24)
Answer: Re: how PHP works (Richard MacCutchan, mve, 26-Dec-23 21:47)
General: Re: how PHP works (trønderen, 27-Dec-23 8:09)
General: Re: how PHP works (Richard MacCutchan, mve, 27-Dec-23 21:19)