Published: May 9, 2020
I’m working on a Jekyll plugin which needs to fetch page view counts from the Google Analytics API for popularity ranking. While Google’s google-api-ruby-client does support the Reporting API v4, unfortunately there are no official examples from Google on how to use it.
As such I wanted to share a working example for fetching pageview counts from the Reporting API v4 in Ruby.
Published: May 4, 2020
As of version 2.3.5, Magento implements a Content Security Policy (CSP), which is enabled by default in report only mode. In a previous post, I outlined some concerns about the usefulness of Content Security Policy in Magento 2.3.5. Here we’ll take a look at how to disable Content Security Policy.
Published: April 29, 2020
On April 28, 2020 Magento 2.3.5 was announced. It included an exciting new security enhancement, implementation of a Content Security Policy (CSP), available for both Magento Commerce and Magento Open Source.
This release includes a set of powerful new security tools for Magento installations. Content Security Policies (CSP) provide additional layers of defense by helping to detect and mitigate Cross-Site Scripting (XSS) and related data injection attacks.
While this sounds great in theory, in practice, as things stand in Magento 2.3.5, Content Security Policy offers little to no value. In this post we’ll take a look at why.
Published: April 27, 2020
The example provided shows how we can loop through the Header map and print each key and value. One thing that wasn’t immediately clear to me was the best way to access a specific header, without the loop.
I did a bit of research and found the Get function was helpful here.
Published: April 21, 2020
NOTE: The below is based on the Magento 2 code base as of version 2.3.4.
In Magento, a cart price rule can be configured to offer free shipping for orders over a certain dollar amount.
Typically, merchants want this offer to be based on the amount AFTER any discounts are applied.
Published: April 17, 2020
I’m currently attempting to set up a Content-Security-Policy on this site in strict-dynamic mode. As this is a static site, nonces are not an option for me, so I’m looking into using hashes. I was pulling my hair out earlier this evening trying to figure out how to generate the hashes in the correct CSP format at the command line. I finally figured it out by piecing together various bits of information and wanted to share my findings here.