Blog
Magento 2 REST API method return processing
Published: March 27, 2017
If you’re getting started with the Magento 2 REST API you’ll find a good amount of resources documenting basic usage. Overall, it’s a big improvement over the Magento 1 REST API, in my opinion. However, one thing that I couldn’t find good information on is how Magento processes the result that your method returns.
As such, I spent a while digging through the code to understand. Here I’ll detail the (not exactly sane) way that Magento will process your method’s return value.
Accessing the admin front name programmatically in Magento 2
Published: March 23, 2017
Recently I was working on some Magento 2 code where I needed to programmatically determine the admin front name. If you run a Google search you’ll pretty quickly find the canonical answer for Magento 1…
Mage::getConfig()->getNode('admin/routers/adminhtml/args/frontName')
However, even after reading through two pages of Google results, I was not able to find an answer for Magento 2.
Measuring round-trip time with nping
Published: March 21, 2017
Recently, I was debugging a performance issue where a site was spending an above average amount of time running HGETs against a Redis instance. I came upon this snippet of text from Redis’ benchmarking documentation.
Network bandwidth and latency usually have a direct impact on the performance. It is a good practice to use the ping program to quickly check the latency between the client and server hosts is normal before launching the benchmark
https://redis.io/topics/benchmarks#factors-impacting-redis-performance
However when I went to ping the server running Redis I didn’t have much luck…
$ ping -c 10 -W 1 172.24.16.119
PING 172.24.16.119 (172.24.16.119) 56(84) bytes of data.
--- 172.24.16.119 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9999ms
GROUP-ing a product collection the right way with groupByAttribute
Published: March 12, 2017
Recently, I was reworking the implementation of a featured products widget which showed up on the home page. In order to show a variety of products we decided to GROUP BY manufacturer. This way only one product would show up per brand. The initial implementation looked something like this…
$collection = Mage::getModel('catalog/product')->getCollection();
// Do some other logic
$collection->getSelect()->group('e.manufacturer_value')
This was working fine in dev (and production). However, when I merged some new code into the develop branch and deployed it to staging I started getting exceptions.
Magento's "Use HTTP Only" Cookie Setting
Published: March 8, 2017
Recently, while checking out Mozilla Observatory I learned about the HttpOnly Set-Cookie directive. If you’re not familiar with it, here’s an explanation from MDN…
HTTP-only cookies aren’t accessible via JavaScript through the Document.cookie property, the XMLHttpRequest and Request APIs to prevent attacks against cross-site scripting (XSS).
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#Directives
The “HttpOnly” name is a bit confusing and is sometimes misinterpreted as having something do to with HTTP vs HTTPS. However, that is not the case. The idea is that the cookie is made available to the server as part of the HTTP request (“HTTP only”). However, the browser has no access to it.
This provides a layer of security against XSS as, even if an attacker is able to get malicious script to execute on a web page, the attacker won’t be able to access precious cookies, which are often the only key needed to compromise a user (or admin) account.
This got me interested in investigating how Magento manages that flag. I decided to dig in to get a better understanding. Here, I’ll documented my findings…
WTF Is uenc?
Published: March 6, 2017
If you’ve worked with Magento before, you’ve probably seen a URL that looks like this…
https://example.com/checkout/cart/add/uenc/aHR0cDovL21hZ2VudG8tMV8xNF8xXzAuZGV2L2xpbmVuLWJsYXplci01MzguaHRtbA,,/product/406/form_key/giZIAWUXy2azlHw1/
Have you ever wondered to yourself, WTF is uenc?
In this post I’ll explore that question…