Generating a CSP Hash at the CLI

Published: April 17, 2020


I’m currently attempting to set up a Content-Security-Policy on this site in strict-dynamic mode. As this is a static site, nonces are not an option for me, so I’m looking into using hashes. I was pulling my out hair earlier this evening trying to figure out how to generate the hashes in the correct CSP format at the command line. I finally figured it out piecing together various bits of information and wanted to share my findings here.

Sending a GET request with a request body with PHP cURL

Published: April 16, 2020


Some APIs require GET requests with request bodies. I was looking into how to do that today and struggling with Google. Eventually I found this answer on StackOverflow.

PHP code is as follows:

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, '');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');


Pasting into Vim Messing Up Indentation

Published: April 15, 2020


This morning I was trying to paste so XML from a local file into a remote file using Vim. However when I did it, it was messing up the indentation really badly, essentially indenting each new line an additional level.

Screenshot of messed up indentation in Vim

Firefox Reporting Disqus Hosts as Missing from default-src

Published: April 13, 2020


I recently set up a Content Security Policy (CSP) on this website.

My site uses Disqus, so my Content-Security-Policy had their domains whitelisted something like this:



Adding a Content Security Policy (CSP) with Cloudflare Workers

Published: April 11, 2020


I had been interested in adding a Content Security Policy (CSP) to this website for a while. However, the site is built with Jekyll and hosted on GitHub pages, which doesn’t allow you to set custom HTTP response headers such as Content-Security-Policy1. I did a bit of research and found it would be possible to add them through Cloudflare (which I use as a CDN / DNS provider) via their “Cloudflare Workers” feature. In this post I want to walk through the setup process.

Diff-ing MySQL and Elasticsearch

Published: April 9, 2020


Recently I had to troubleshoot an issue where some products that were expected to be indexed in Elasticsearch were not. The client wasn’t sure which / how many products were missing, so I wrote a script which diffs products stored in MySQL (catalog_product_entity) against the Elasticsearch index. I’ve decided to share the script here in case others find it useful.