Recently, while checking out Mozilla Observatory I learned about the
Set-Cookie directive. If you’re not familiar with it, here’s an explanation from MDN…
The “HttpOnly” name is a bit confusing and is sometimes misinterpreted as having something do to with HTTP vs HTTPS. However, that is not the case. The idea is that the cookie is made available to the server as part of the HTTP request (“HTTP only”). However, the browser has no access to it.
This provides a layer of security against XSS as, even if an attacker is able to get malicious script to execute on a web page, the attacker won’t be able to access precious cookies, which are often the only key needed to compromise a user (or admin) account.
This got me interested in investigating how Magento manages that flag. I decided to dig in to get a better understanding. Here, I’ll documented my findings…
If you’ve worked with Magento before, you’ve probably seen a URL that looks like this…
Have you ever wondered to yourself, WTF is
In this post I’ll explore that question…
Out-of-box, both Magento 1 and 2 provides the ability to toggle between “Grid View” and “List View”.
“Grid View” displays the products in an image grid, as pictured above. It is the default “mode” for viewing a category or search results page.
In “List View” the products are listed in a single column as pictured below.
Not only is list view unnecessary, it’s also harmful. Here I’ll explain why…
Recently I needed a function to remove a single query parameter from a given URL in PHP. This seems like the type of thing that there should be a canonical answer for, but, if you run a Google search, you’ll see that there are many ways to skin this cat.
After giving the task some thought, I wound up implementing essentially what is described in this Stack Overflow answer. In this post, I share the approach, along with the final code.
Recently, I was working through an issue where I wanted to conditionally increase PHP’s memory limit based on the request URL. Rather than building that logic into the application, handling via Apache directives seemed like a cleaner approach. Here I’ll outline how I achieved this.
Recently, I needed to override a
onclick attribute. I was writing a plugin for Magento, which, for better or worse, makes heavy use on inline
onclick attributes. If you run a Google search you’ll see that the canonical answer looks something like this…
document.getElementById('my-id').onclick = myOnClick;
For most uses cases this work fine. However, there is a caveat that should accompany this answer. It doesn’t work for elements that are dynamically added to the document.
But never fear, there’s another approach that can be used to override inline
onclick attributes that works with dynamically added elements. And that approach, my friends, is called event capturing.