Blog
Generating a CSP Hash at the CLI
Published: April 17, 2020
I’m currently attempting to set up a Content-Security-Policy on this site in strict-dynamic mode. As this is a static site, nonces are not an option for me, so I’m looking into using hashes. I was pulling my out hair earlier this evening trying to figure out how to generate the hashes in the correct CSP format at the command line. I finally figured it out piecing together various bits of information and wanted to share my findings here.
Sending a GET request with a request body with PHP cURL
Published: April 16, 2020
Some APIs require GET requests with request bodies. I was looking into how to do that today and struggling with Google. Eventually I found this answer on StackOverflow.
PHP code is as follows:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://maxchadwick.xyz');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_POSTFIELDS, 'THIS IS THE REQUEST BODY');
curl_exec($ch);
Pasting into Vim Messing Up Indentation
Published: April 15, 2020
This morning I was trying to paste so XML from a local file into a remote file using Vim. However when I did it, it was messing up the indentation really badly, essentially indenting each new line an additional level.
Firefox Reporting Disqus Hosts as Missing from default-src
Published: April 13, 2020
I recently set up a Content Security Policy (CSP) on this website.
My site uses Disqus, so my Content-Security-Policy had their domains whitelisted something like this:
default-src
'self';
script-src
'self'
c.disquscdn.com
...;
Adding a Content Security Policy (CSP) with Cloudflare Workers
Published: April 11, 2020
I had been interested in adding a Content Security Policy (CSP) to this website for a while. However, the site is built with Jekyll and hosted on GitHub pages, which doesn’t allow you to set custom HTTP response headers such as Content-Security-Policy1. I did a bit of research and found it would be possible to add them through Cloudflare (which I use as a CDN / DNS provider) via their “Cloudflare Workers” feature. In this post I want to walk through the setup process.
Diff-ing MySQL and Elasticsearch
Published: April 9, 2020
Recently I had to troubleshoot an issue where some products that were expected to be indexed in Elasticsearch were not. The client wasn’t sure which / how many products were missing, so I wrote a script which diffs products stored in MySQL (catalog_product_entity) against the Elasticsearch index. I’ve decided to share the script here in case others find it useful.