rand(Ø)

> beautiful code & photos

about <

Posts tagged: http

CSP Header Hacking for Apache2

Hello,

I write here to report my latest dirty hack. Story—

While enforcing our HTTP server configuration at work, we are slowly implementing CSP policies and one of them allow Web browsers to report violations to a given endpoint.

At this moment, we are only at the reporting step of the implementation because the first time we attempted to roll this header out, it ended up breaking our staging env.

So, it's recommended to set the Content-Security-Policy-Report-Only header.

This header takes the report-uri directive which allows the browser to push the violation findings to a given endpoint.

For this example:

> Continue Reading

cURL: forward POST over HTTP redirections

Recently, I've been stuck on a Web service call that wouldn't be called as supposed to be. When having troubles with WS, it's very important to dump client request and server response.

Using cURL withing PHP, I couldn't understand why my code was building a POST request and cURL returned me a GET request instead when the URI was getting a 301 redirection.

Turned out that it was a configuration issue because the URI wasn't the right one. Thanks to the config team!

What cURL says

When curl follows a redirect and the request is not a plain GET (for

> Continue Reading