|
Chenghiz posted:If it's important that the user's input is valid, you should be checking server-side, regardless of whether there is a problem in the client-side validation. Never trust the client for validation. I fully agree with you on the first paragraph, but unfortunately I'm not in the position to say "Hey guys our software is dumb as gently caress and we need to change all this"  Fortunately it's corporate software so we have some control over our users PCs (ie mandating JS) but yea I know it's not ideal. They do have to manually post it to the server.
|
#
?
Jun 18, 2018 16:16
|
|
|
|
| # ? May 16, 2024 13:03 |
|
|
I've got a dumb question that I really cannot figure out. There is a package that we are relying on NPM/github. However we have to make proprietary changes to the repo. So naturally I have forked the repo. And no these are not changes that can then be resubmitted to the package as an open source contribution. However for obvious reasons the new fork cannot then be hosted through npm. So I am pretty dumb when it comes to dependencies and what not. In a sense our project is still a little blackbox in its setup to me (I was not original developer) but we use yarn and npm to build our packages/dependencies. So basically my question is, how the heck do I use this fork in my project? How do I rely on it similar to how I use node_modules and what not. It is a private forked repo, and it cannot be hosted on npm so I feel stupid but how do I reference this new forked package?
|
|
#
?
Jun 18, 2018 19:07
|
|
|
You can specify a dependency in package.json as a git repo rather than as an npm package.
|
|
#
?
Jun 18, 2018 19:14
|
|
|
Knifegrab posted:I've got a dumb question that I really cannot figure out. If the package you've forked is relatively stable and you aren't wanting to constantly pull updates from that package into your fork, you might consider just calling your package a different name. E: And host it internally, if that wasn't clear.
|
|
#
?
Jun 18, 2018 19:28
|
|
|
Thermopyle posted:You can specify a dependency in package.json as a git repo rather than as an npm package. and also as a local directory.
|
|
#
?
Jun 18, 2018 20:41
|
|
|
I feel really dumb but I am still confused, can anyone point me to a specific example or something? The repo is private but the repo itself has dependencies that must be npm installed as well.
|
|
#
?
Jun 18, 2018 21:25
|
|
|
Sab669 posted:I fully agree with you on the first paragraph, but unfortunately I'm not in the position to say "Hey guys our software is dumb as gently caress and we need to change all this" Disable form post on page load until it's valid?
|
|
#
?
Jun 18, 2018 21:30
|
|
|
Knifegrab posted:I feel really dumb but I am still confused, can anyone point me to a specific example or something? The repo is private but the repo itself has dependencies that must be npm installed as well. There's an example in the docs: https://docs.npmjs.com/files/package.json#repository
|
|
#
?
Jun 18, 2018 21:44
|
|
|
Sab669 posted:I fully agree with you on the first paragraph, but unfortunately I'm not in the position to say "Hey guys our software is dumb as gently caress and we need to change all this" Do the post via xhr instead of a form action, and only after validating all form fields.
|
|
#
?
Jun 18, 2018 21:51
|
|
|
Knifegrab posted:I feel really dumb but I am still confused, can anyone point me to a specific example or something? The repo is private but the repo itself has dependencies that must be npm installed as well. Put the fork in your main repo under like packages/my-fork and then in your main package.json replace the version for that package with that path. Boom done.
|
|
#
?
Jun 18, 2018 23:22
|
|
|
necrotic posted:Put the fork in your main repo under like packages/my-fork and then in your main package.json replace the version for that package with that path. Boom done. But now aren't I just storing the entire package in my git repo? As opposed to having that package in its own repo, and pulled when npm or yarn installs? rt4 posted:There's an example in the docs: https://docs.npmjs.com/files/package.json#repository "The URL should be a publicly available (perhaps read-only) url that can be handed directly to a VCS program without any modification." Wouldn't this not work since the repo I am forking is going to be private?
|
|
#
?
Jun 19, 2018 01:35
|
|
|
Just blew (I think) a phone interview. The question was how to know at site B that the user visited site A at some point in the past, assuming A and B are working jointly. I suggested local storage and the interview said it was ok but not great and pressed me for a better solution but I came up empty. Ideas? I’m still stumped!
|
|
#
?
Jun 19, 2018 01:44
|
|
|
If local storage or tracking cookies aren't good enough answers, I'd probably suggest a light-weight analytics api that both sites would use.
|
|
#
?
Jun 19, 2018 02:02
|
|
|
Hidden iframes using postMessage would be my go-to option there for non-server-dependent functionality that can share cookies and localstorage data across domains. Edit: Also, I think they mostly work around the nebulous spooky black-box anti-tracking behavior that's in Safari now. Roadie fucked around with this message at 02:36 on Jun 19, 2018 |
|
#
?
Jun 19, 2018 02:33
|
|
|
Put a link to site A on site B and check its style using getComputedStyle to see if it's been visited or not.
|
|
#
?
Jun 19, 2018 04:42
|
|
|
Chenghiz posted:Put a link to site A on site B and check its style using getComputedStyle to see if it's been visited or not. Or go nuts and encode your information into the colors of a png-encoded image, since those are allowed cross-site by default. Edit: later realized the suggestion I'm replying to was not to load something from the other site but to literally just put a link and interpret whether the browser styles it :visited or not. roomforthetuna fucked around with this message at 00:56 on Jun 20, 2018 |
|
#
?
Jun 19, 2018 05:21
|
|
|
Chenghiz posted:Put a link to site A on site B and check its style using getComputedStyle to see if it's been visited or not. i thought you were joking but somebody actually made a library that does this. https://readwrite.com/2008/05/28/socialhistoryjs_see_which_site/
|
|
#
?
Jun 19, 2018 14:09
|
|
|
Knifegrab posted:But now aren't I just storing the entire package in my git repo? As opposed to having that package in its own repo, and pulled when npm or yarn installs? And? Isn't the fork for changes specific to your project? If you need it for more than one project then yeah a separate repo, otherwise there's zero reason for the separation.
|
|
#
?
Jun 19, 2018 14:54
|
|
|
roomforthetuna posted:If you're going to do it by requesting between sites you could use cross-origin resource sharing and make a proper AJAX request of the other site Can you elaborate a little more here? I don’t understand what sort of request to make. Do you mean something like POST the IP address on A and try to GET it on B and see if it exists in a database? Or am I way off track here?
|
|
#
?
Jun 19, 2018 15:16
|
|
|
roomforthetuna posted:If you're going to do it by requesting between sites you could use cross-origin resource sharing and make a proper AJAX request of the other site dantheman650 posted:Can you elaborate a little more here? I don’t understand what sort of request to make. Do you mean something like POST the IP address on A and try to GET it on B and see if it exists in a database? Or am I way off track here? However, in the case of cross-site visitation analytics, http://foo.com could be configured on the backend to allow requests from http://foo.com AND http://bar.com at which point visitation analytics could be sent from http://bar.com to mingle with similar data sent from the website served at http://foo.com. Does that make sense?
|
|
#
?
Jun 19, 2018 15:35
|
|
|
IAmKale posted:
No, and I guess this is why I blew the interview. I don’t know what visitation analytics are or how to store or send them. I also don’t know what you mean by letting the data mingle. Feel free to explain or just let it go - I clearly have a lot to learn.
|
|
#
?
Jun 19, 2018 16:58
|
|
|
Are the analytics GDPR compliant? One advantage of the localstorage solution is that the data doesn't have to leave the user's computer.
|
|
|
#
?
Jun 19, 2018 17:43
|
|
|
dantheman650 posted:No, and I guess this is why I blew the interview. I don’t know what visitation analytics are or how to store or send them. I also don’t know what you mean by letting the data mingle. Feel free to explain or just let it go - I clearly have a lot to learn. First off, let's just shorten "visitation analytics" to "analytics". At the end of the day website analytics tools like Google Analytics are tasked with submitting requests to a server with information related to an "event" that occurs on a webpage. In the context of the browser, such "events" can include things like, "user clicked something", "user moused over something", or "something on the page scrolled into view". These data points are valuable to organizations as they often want to try and profile the types of users who interact with a site, measure site performance, and determine which parts of the site see the most traffic. This is the high-level goal of analytics. The "something" in those examples corresponds to whatever types of interactions the site admins are interested in tracking. For example, analytics events may be sent when the "related items" section of an ecommerce site is scrolled into view to indicate that the user moved far enough down the page to view that part of the site. A different event could be sent with an item ID whenever that item is clicked. With enough of these types of data points, site admins can analyze the data to generate conclusions that X section of the site is often seen, or Y item in the showcase is almost never clicked on. The structure of these analytics requests is implementation-specific. IIRC Google Analytics submits analytics events as GET requests with a bunch of query parameters. Other analytics libraries might accept JSON payloads with necessary properties defined within. At the end of the day, it's simply the frontend submitting requests to the backend with the necessary data. Since this is the JS thread, imagine using the axios library to make a POST request to a URL. The data you'd submit would come from event handlers you'd register in the DOM (as in a <button>'s onclick) or in JS (as with domRef.addEventListener()). That in a nutshell is how you'd collect and submit analytics events from the front end. On the backend, these events are often stored in some kind of database. That's outside of the scope of this as typically in JS land you'll only need to worry about submitting data to a URL. The server listening at that URL will take care of writing the data to the database. When I mentioned "let the data mingle", I was trying to convey the idea that analytics events from multiple sites can co-exist in a single database. If CORS is configured such that analytics events submitted from webpages at http://foo.com and http://bar.com can both be submitted to, say, http://api.foo.com then all of those events, even though they represent interactions at two different websites, can still exist within the database. The database doesn't really care where the data comes from, it's all just bits in the end. Does that help? IAmKale fucked around with this message at 23:06 on Jun 19, 2018 |
|
#
?
Jun 19, 2018 23:02
|
|
|
I dunno about them but it helped me to read that, thanks Cross-origin policy is also what get cited in Chrome when files in your local filesystem are protected and prevented from being served to pages you also opened locally using the file:/// protocol (from double clicking the html file open). For some people that's the first time the hear about CORS and it confuses them but now looking at Chrome it seems they've changed their message to something else so maybe they don't try to call that CORS related anymore. If so that's good.
|
|
#
?
Jun 19, 2018 23:37
|
|
|
Thanks for the explanation. I understand all of that, but I still am not sure what exactly I’m tracking. Did I have it right that I would basically grab and post the IP and time stamp to the analytics database and then attempt a GET on the second site to see if it exists in whatever range I’m concerned with?
|
|
#
?
Jun 19, 2018 23:41
|
|
|
Bruegels Fuckbooks posted:i thought you were joking but somebody actually made a library that does this. https://readwrite.com/2008/05/28/socialhistoryjs_see_which_site/ It was a huge privacy thing back in the day. Then the browsers went and made it harder to do certain things on visited links to prevent leaking user history.
|
|
#
?
Jun 20, 2018 00:17
|
|
|
IAmKale posted:roomforthetuna is talking about CORS. It's something configured server-side as a security measure to limit which websites can make requests to that server. For example it can be used to restrict code in a .js file loaded in http://bar.com from making requests to API endpoints at http://foo.com. Anyway, my point here is that the server-side CORS configuration (which is headers you send with the page) is not so much used to restrict a script from making requests of foreign endpoints, but rather is used to tell the browser to not restrict those requests like it normally would.
|
|
#
?
Jun 20, 2018 00:54
|
|
|
roomforthetuna posted:Anyway, my point here is that the server-side CORS configuration (which is headers you send with the page) is not so much used to restrict a script from making requests of foreign endpoints, but rather is used to tell the browser to not restrict those requests like it normally would.
|
|
#
?
Jun 20, 2018 01:11
|
|
|
Pretty much, but then it goes into particular fields and whether credentials are permitted and things about when additional preflight requests are required. Usually browsers are nice enough they tell you what is wrong and how to fix it. Anything with cookies and CORS is going to suck because CORS attacks usually work due to cookies.
|
|
#
?
Jun 20, 2018 01:25
|
|
|
Looking for advice on why I'm getting CORS errors when trying ES6 imports. No webpack; just Typescript-compiled files*, run locally without a server. Error in Firefox: code:code:code:*Also tried with an empty index.js for troubleshooting; still throws error. Related: Have y'all tried native imports? What do you think? I assume they're not suitable for production code due to the prevalence of old browser versions that don't support it. Dominoes fucked around with this message at 00:57 on Jul 5, 2018 |
|
#
?
Jul 5, 2018 00:51
|
|
|
Isn't it simply not permitted to load javascript from file urls nowadays at all, even from within local html files? I think there's a command line flag for chrome if you really need it, but you're basically just expected to run an http server for testing now.
|
|
#
?
Jul 5, 2018 01:00
|
|
|
Thank you. I fired up a simple rust http server, and no longer receive this error; working through the next one now: (Chrome) code:I suspect this could be resolved by importing the modules directly, but this isn't working: code:Dominoes fucked around with this message at 01:28 on Jul 5, 2018 |
|
#
?
Jul 5, 2018 01:07
|
|
|
Dominoes posted:It's taking my module imports, but not npm ones. In general, an explicit relative import should only be used to load other source files from elsewhere in your own module. If you're pulling in a dependency, you don't know for sure where that dependency will be installed, so try: JavaScript code:
|
|
#
?
Jul 5, 2018 01:49
|
|
|
Use a bundler like Parcel and that will solve most of the weird stuff you're going to repeatedly run into trying to use tsc's results directly. Parcel also has a no-hassle dev server with nice stack traces and stuff built in. Also, so you never have to worry about the * as thing, set "allowSyntheticDefaultImports": true and "esModuleInterop": true in your tsconfig.json and you should never have to think about it again. Roadie fucked around with this message at 01:58 on Jul 5, 2018 |
|
#
?
Jul 5, 2018 01:52
|
|
|
Thanks dudes. This appears to be an issue of TSC not knowing how to deal with importing node modules as files, and es6 imports having the opposite problem; diagnosing by editing the compiled files directly to point to .js files. Fighting a mime issue now. (And will have to re-attack how to workaround this). Roadie: That TSconfig setting sounds lovely! The import * as syntax is awk. I'm hoping to avoid bundlers entirely (not realistic?), but Parcel looks nice from a skim. Dominoes fucked around with this message at 02:04 on Jul 5, 2018 |
|
#
?
Jul 5, 2018 02:00
|
|
|
Avoiding bundlers is going to make things very painful for you. Just use parcel, you'll be much happier in the long run.
|
|
#
?
Jul 5, 2018 16:01
|
|
|
Has anyone used an A/B testing library with React? Any opinions/preferences/things to avoid?
|
|
#
?
Jul 5, 2018 21:58
|
|
|
parcel? what happened to
|
|
#
?
Jul 5, 2018 22:08
|
|
|
Everything is a fad in the world of web dev. Parcel is the new one?
|
|
#
?
Jul 5, 2018 22:46
|
|
|
|
| # ? May 16, 2024 13:03 |
|
|
 I was just getting used to Webpack.
|
|
#
?
Jul 5, 2018 23:55
|
|