Tim Barclay

Aug 10, 2020

Fixing an issue with CSRF tokens in Laravel with EZproxy

I wrote recently about an issue I had been investigating where CSRF validation checks were failing for AJAX requests for some users. It turned out that OCLC’s EZproxy was filtering out the X-CSRF-TOKEN and X-XSRF-TOKEN headers from those requests, causing the Laravel server to return a 419 error response. In…

Csrf

4 min read


Aug 5, 2020

CSRF checks fail with a standard EZproxy instance

TL;DR — with a standard config, EZproxy filters out headers with the names X-CSRF-TOKEN and X-XSRF-TOKEN. Any CSRF validation checks that require one of those headers to be present in a request will fail.

What’s going on

I wanted to write something about this because my googling for the terms CSRF and EZproxy…

Csrf

3 min read


Jan 12, 2020

Turning subreddits into playlists

I subscribe to the ProgMetal subreddit, because there’s nothing I like more than hearing a virtuoso play an 8-string guitar solo while assorted drummers, bassists, keyboard players, cellists and french horn players alternate bars of 19/16 and 7/4. The majority of posts on /r/ProgMetal are links to tracks on YouTube…

Nodejs

4 min read


Apr 24, 2018

Keep API secrets secret with Gitlab CI and Webpack

If your app communicates with any 3rd party APIs, it’s likely to need to use some pieces of information to identify itself, such as IDs, API keys or client secrets. …

Java Script

3 min read
