Sec-Fetch-Site: same-origin
Note: I wrote this on Friday, but for some reason it failed to send.
Tomorrow, the surf is going to get really good around here. To the subscribers that surf, the primary swell should be about 9' @ 16s. Some local spots will be throwing up double overhead waves in the next few days. It's going to be fun.

SuperGood::CSRFProtection
I saw a conversation on Mastodon where Mike Perham and Dave Copeland were discussing a new approach to CSRF protection in Go. I gave the original proposal a read, checked out the relevant docs on MDN, and realized it would be pretty easy to implement this for Rack too. So, with the help of a few folks at Super Good, I did. Announcing our new gem, super_good-csrf_protection.
You can find the v0.2.0 release on RubyGems. It has not been rigorously tested and I've not deployed it in production anywhere yet, but it should properly emulate the behaviour of Go's http.CrossOriginProtection. I'd love it if someone who is more familiar with this CSRF protection approach would have a look.
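For readers who have not seen the approach, here is the core decision that Go's http.CrossOriginProtection makes, written as a Rack-style middleware. This is an added example, not the gem's code or API: the class name `FetchMetadataCSRFGuard` and the host `app.example` are made up for illustration.

```ruby
# Hypothetical middleware (not the gem's class): rejects unsafe cross-origin
# browser requests using Sec-Fetch-Site, falling back to Origin vs. Host.
class FetchMetadataCSRFGuard
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    return @app.call(env) if allowed?(env)

    [403, { "content-type" => "text/plain" }, ["cross-origin request rejected\n"]]
  end

  # True when the request may reach the application.
  def allowed?(env)
    return true if SAFE_METHODS.include?(env["REQUEST_METHOD"])

    site = env["HTTP_SEC_FETCH_SITE"].to_s
    return true if %w[same-origin none].include?(site) # same origin, or user-initiated
    return false unless site.empty?                    # same-site and cross-site are refused

    # No Sec-Fetch-Site (older browser or non-browser client): compare Origin to Host.
    origin = env["HTTP_ORIGIN"].to_s
    return true if origin.empty?

    origin_authority(origin) == env["HTTP_HOST"].to_s.downcase
  end

  private

  # host[:port] part of an Origin value; nil for "null" or anything malformed.
  def origin_authority(origin)
    origin[%r{\A[a-z][a-z0-9+.\-]*://([^/?#]+)\z}i, 1]&.downcase
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests, not captured traffic.
  guard = FetchMetadataCSRFGuard.new(->(_env) { [200, {}, ["ok"]] })
  base  = { "REQUEST_METHOD" => "POST", "HTTP_HOST" => "app.example" }
  [{ "HTTP_SEC_FETCH_SITE" => "same-origin" },
   { "HTTP_SEC_FETCH_SITE" => "cross-site" },
   { "HTTP_ORIGIN" => "https://evil.example" }].each do |headers|
    puts "#{headers.inspect} -> #{guard.call(base.merge(headers)).first}"
  end
end
```
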
Bundling Bundler (and RubyGems)
In a somewhat unexpected turn of events, the RubyGems and Bundler repository ownership was transferred to the Ruby core team. Ruby Central confirmed this in their own post.
The response has been mixed, but I'll offer my perspective in brief. Ruby core is responsible for all the other components that ship with Ruby, so it makes sense to me that they be responsible for these ones too. I feel like this should have happened a long time ago. This was even a suggestion by a bunch of people early in this saga.
That's not to say that all this reshuffling was fair to the existing contributors and maintainers. This definitely wasn't good for the ecosystem/community in the short term. I'm still going to watch what happens with gem.coop and other independent efforts. I merely think that the new state of affairs is a reasonable one.
An Abstract Illusion – The Sleeping City
Today's music offering is from Sweden. An Abstract Illusion's second full-length (Woe, 2022) was a prog-death masterpiece, so expectations were high for the follow-up. Fortunately, The Sleeping City delivers. This record features a brighter, more melodic sound that makes careful use of strings and synths to create an overall haunting tone. Good shit.
