Magento 2.3.5 + Content Security Policy (CSP): A Fool's Errand

Published: April 29, 2020

On April 28, 2020 Magento 2.3.5 was announced. It included an exciting new security enhancement, implementation of a Content Security Policy (CSP), available for both Magento Commerce and Magento Open Source.

This release includes a set of powerful new security tools for Magento installations. Content Security Policies (CSP) provide additional layers of defense by helping to detect and mitigate Cross-Site Scripting (XSS) and related data injection attacks.

Magento Open Source 2.3.5 Release Notes

While this sounds great in theory, in practice, as things stand in Magento 2.3.5, Content Security Policy offers little to no value. In this post we’ll take a look at why.

Get HTTP Response Headers in Go

Published: April 27, 2020

The Theory and Practice blog has a nice example of accessing HTTP Response Headers in Go.

The example provided shows how we can loop through the Header map and print each key and value. One thing that wasn’t immediately clear to me was the best way to access a specific header without the loop.

I did a bit of research and found the Get function was helpful here.

Free Shipping Cart Rule After Discounts

Published: April 21, 2020

NOTE: The below is based on the Magento 2 code base as of version 2.3.4.

In Magento, a cart price rule can be configured to offer free shipping for orders over a certain dollar amount.

Typically, merchants want this offer to be based on the amount AFTER any discounts are applied.

Generating a CSP Hash at the CLI

Published: April 17, 2020

I’m currently attempting to set up a Content-Security-Policy on this site in strict-dynamic mode. As this is a static site, nonces are not an option for me, so I’m looking into using hashes. I was pulling my hair out earlier this evening trying to figure out how to generate the hashes in the correct CSP format at the command line. I finally figured it out by piecing together various bits of information and wanted to share my findings here.

Sending a GET request with a request body with PHP cURL

Published: April 16, 2020

Some APIs require GET requests with request bodies. I was looking into how to do that today and struggling with Google. Eventually I found this answer on StackOverflow.

PHP code is as follows:

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'https://maxchadwick.xyz');
// Force the HTTP method to GET; without this, setting CURLOPT_POSTFIELDS
// would make cURL send the request as a POST
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
// Attach the request body
curl_setopt($ch, CURLOPT_POSTFIELDS, 'THIS IS THE REQUEST BODY');
// Return the response as a string instead of printing it directly
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
curl_close($ch);

Pasting into Vim Messing Up Indentation

Published: April 15, 2020

This morning I was trying to paste some XML from a local file into a remote file using Vim. However, when I did it, it was messing up the indentation really badly, essentially indenting each new line an additional level.

Screenshot of messed up indentation in Vim