a tumblelog
07 Nov 2019

Parse, don’t validate

About a month ago, I was reflecting on Twitter about the differences I experienced parsing JSON in statically- and dynamically-typed languages, and finally, I realized what I was looking for. Now I have a single, snappy slogan that encapsulates what type-driven design means to me, and better yet, it’s only three words long:

Parse, don’t validate.

Source: Parse, don’t validate, an article by Alexis King.

HTTP Security Headers - A Complete Guide

In this article, I will walk through the commonly evaluated headers, recommend security values for each, and give a sample header setting. At the end of the article, I will include sample setups for common applications and web servers.

Source: HTTP Security Headers - A Complete Guide, a guide by Charlie Belmer.

Mozilla Observatory scan summary; an A+ for Plurrrr.

Using this guide and Mozilla Observatory I managed to get Plurrrr from an F to an A+.

Note that the guide has syntax errors in the NGINX configuration example. At least, at the time of writing, I had to remove the colon after each header name and had to put some values between double quotes.
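
A small pre-deployment check for the two problems named in the note above, as an added example (not code from the guide or from this site): it scans NGINX `add_header` lines for a colon left on the header name and for values that need double quotes. The function name, the messages and the sample configuration are constructed for illustration, and it assumes one directive per line.

```python
import re

# Token: double-quoted string, single-quoted string, a lone ';', or a bare word.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|;|[^\s;]+')

# Constructed sample configuration (not taken from the guide).
SAMPLE = """\
add_header X-Frame-Options: deny;
add_header Strict-Transport-Security max-age=31536000; includeSubDomains;
add_header Content-Security-Policy default-src 'self';
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin";
"""

def lint_add_header(config):
    """Return (line_number, problem) pairs for suspicious add_header lines."""
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        code = line.split("#", 1)[0]  # naive comment strip: assumes no '#' in values
        tokens = TOKEN.findall(code)
        if not tokens or tokens[0] != "add_header":
            continue
        if ";" not in tokens:
            findings.append((no, "directive is not terminated by ';'"))
            continue
        end = tokens.index(";")
        args, rest = tokens[1:end], tokens[end + 1:]
        if len(args) < 2:
            findings.append((no, "add_header needs a name and a value"))
        if args and args[0].endswith(":"):
            findings.append((no, "header name ends with ':'; remove the colon"))
        # add_header takes: name value [always]; more means the value was split.
        if len(args) > 2 and args[2:] != ["always"]:
            findings.append((no, "value contains whitespace; wrap it in double quotes"))
        if rest:
            findings.append((no, "text after ';'; a value containing ';' must be quoted"))
    return findings

if __name__ == "__main__":
    for no, problem in lint_add_header(SAMPLE):
        print(f"line {no}: {problem}")
```

Running `nginx -t` on the real configuration remains the authoritative syntax check; this only points at the specific lines to fix.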