tcfox / tc.nz Goto Github PK
View Code? Open in Web Editor NEWBlog posts for tc.nz, based on Jekyll
Home Page: https://tc.nz
Blog posts for tc.nz, based on Jekyll
Home Page: https://tc.nz
Look at loading this statically: https://github.com/Microsoft/ApplicationInsights-JS/
Turn this off, we don't need it.
In the keybase.json
data file, the /proof_object/body/key/kid
is the same as the "public key", just in hex instead of base64.
Rewrite keybase.txt.liquid
to derive the public key from the proof object to avoid duplicate data.
https://github.com/rubysec/bundler-audit
Maybe have an alert if a vulnerable version is found via email or something, halting release doesn't make you more vulnerable since the vulnerable package probably already exists in prod right now anyway.
Some pages, such as https://tc.nz/long.html, shouldn't be in the https://tc.nz/sitemap.xml file since they aren't normally navigated to.
See https://github.com/jekyll/jekyll-sitemap#exclusions for details on how to exclude these.
Need to downgrade the referrer-policy
header from strict-origin-when-cross-origin
to origin-when-cross-origin
due to lack of support in Chrome/Opera. This will result in the Origin hostname (but not the full URL) being sent on HTTP requests where previously it would only have been sent via HTTPS.
This not a privacy concern, since the hostname the user is connected to is being leaked on HTTPS connections anyway due to SNI, so a passive MitM isn't learning any new information.
I may consider using same-origin
in the future.
Doesn't affect anything, but feels weird to add completely useless properties to posts when only pages supports being added to the menu.
Some pages aren't included in the sitemap.xml file. Make sure the gems are in the correct order: https://github.com/jekyll/jekyll-sitemap#usage
https://www.owasp.org/images/c/c4/2017-04-20-OWASPNZ-SpagnuoloWeichselbaum.pdf
http://sebastian-lekies.de/csp/bypasses.php
Might be able to generate a CSP policy at build-time based on hashes of JS files. Can't use nonces since they need to be different on each request.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.