16 Matching Annotations
  1. Jan 2022
    1. Next, let’s say that your ticket is correct (so you made through security just fine!) and the gate number in your ticket says “Gate 24” but you walk to Gate 27. The attendant cannot authorize you to go through that gate because it’s not the right gate for your ticket.

      They have these mixed up! (Which is understandable, because 401 is misnamed "Unauthorized but should be named "Unauthenticated")

      Checking if authenticated (which, if it fails the check, should return 401 for authentication error) comes first,

      and then checking if authorized (which, if it fails the check, should return 403 for authorization error)

      See https://hyp.is/wRF7wHopEeynafOqKj81vw/stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses

    1. There's a problem with 401 Unauthorized, the HTTP status code for authentication errors. And that’s just it: it’s for authentication, not authorization. Receiving a 401 response is the server telling you, “you aren’t authenticated–either not authenticated at all or authenticated incorrectly–but please reauthenticate and try again.” To help you out, it will always include a WWW-Authenticate header that describes how to authenticate.
    2. 401 'Unauthorized' should be 401 'Unauthenticated', problem solved !
    3. I would expect that 401 to be named "Unauthenticated" and 403 to be named "Unauthorized". It is very confusing that 401, which has to do with Authentication,
    1. APIs that simply map CRUD actions to HTTP verbs have nothing to do with Application State Transfer. You can call them Web APIs or HTTP APIs, but please don’t call them RESTful.
  2. Aug 2021
    1. arguments = method_proc.parameters.map(&:last)

      Gets names of parameters, like [:arg_a, :b]

      Should be called parameter_names (the key word being names). "arguments" implies that it is the actual values that were passed in — not the name of the variables to which they will be assigned.

  3. Jun 2021
  4. May 2021
    1. Data tainting[edit] Netscape Navigator briefly contained a taint checking feature. The feature was experimentally introduced in 1997 as part of Netscape 3.[10] The feature was turned off by default, but if enabled by a user it would allow websites to attempt to read JavaScript properties of windows and frames belonging to a different domain. The browser would then ask the user whether to permit the access in question.

      seems to have nothing to do with tainted data, more about trusting frames from other domains?!

  5. Apr 2021
    1. They are much easier to put together because they are photographs so the secondary title "Challenging Journey" is a misnomer.
  6. Sep 2020
    1. And, yes, Mounting is also an unfortunate/confusing name, if you ask me. IMHO componentDidRender and componentWillRender would be much better names.
    2. However, that in-memory representation is not tied directly to the DOM in the browser (even though it is called Virtual DOM, which is an unfortunate and confusing name for an universal apps framework), and it is just a DOM-like data-structure that represents all the UI components hierarchy and additional meta-data. Virtual DOM is just an implementation detail.
  7. Jul 2020
    1. Besides, this will just end up being reported as a security bug to the security list if left as is, cause docker will eat up all your disk space due to a single call site flooding STDERR forcing logs to grow forever.
    1. The term "modal" is sometimes used to mean "dialog", but this is a misnomer. A modal window describes parts of a UI. An element is considered modal if it blocks interaction with the rest of the application.
  8. Dec 2018