Blog

Magento's Not Sane Google reCAPTCHA v3 Implementation

Published: May 19, 2020

Magento’s out-of-the-box Google reCAPTCHA implementation currently allows the merchant to select between three types:

Screenshot showing reCAPTCHA type dropdown in Magento admin panel

The default is currently Invisible reCaptcha v3. Unfortunately, as we’ll see in this post, Magento’s reCAPTCHA v3 implementation is not sane and I would not recommend any merchants use it.

Let me elaborate.

Tracking Paint Timing Metrics in Google Analytics

Published: May 15, 2020

I’ve recently started tracking Paint Metrics for this website in Google Analytics. I took a few missteps along the way. In this post I want to share my experience.

Fetching Pageview Counts from Google Analytics API with Ruby

Published: May 9, 2020

I’m working on a Jekyll plugin which needs to fetch page view counts from the Google Analytics API for popularity ranking. While Google’s google-api-ruby-client does support the Reporting API v4, unfortunately there are no official examples from Google on how to use it.

As such I wanted to share a working example for fetching pageview counts from the Reporting API v4 in Ruby.

Disable Content Security Policy (CSP) in Magento

Published: May 4, 2020

As of version 2.3.5, Magento implements a Content Security Policy (CSP), which is enabled by default in report-only mode. In a previous post, I outlined some concerns about the usefulness of Content Security Policy in Magento 2.3.5. Here we’ll take a look at how to disable Content Security Policy.

Magento 2.3.5 + Content Security Policy (CSP): A Fool's Errand

Published: April 29, 2020

On April 28, 2020 Magento 2.3.5 was announced. It included an exciting new security enhancement, implementation of a Content Security Policy (CSP), available for both Magento Commerce and Magento Open Source.

This release includes a set of powerful new security tools for Magento installations. Content Security Policies (CSP) provide additional layers of defense by helping to detect and mitigate Cross-Site Scripting (XSS) and related data injection attacks.

Magento Open Source 2.3.5 Release Notes

While this sounds great in theory, in practice, as things stand in Magento 2.3.5, Content Security Policy offers little to no value. In this post we’ll take a look at why.

Get HTTP Response Headers in Go

Published: April 27, 2020

The Theory and Practice blog has a nice example of accessing HTTP Response Headers in Go.

The example provided shows how we can loop through the Header map and print each key and value. One thing that wasn’t immediately clear to me was the best way to access a specific header, without the loop.

I did a bit of research and found the Get function was helpful here.