certificates – Adding Expect-CT header to HTTP response

In the security test report, I have a recommendation to add the Expect-CT header to the HTTP response from the web application. Additionally, the developers set this to:

Expect-CT: max-age=0, report-uri=

I am not sure if it is a good idea to add this header. According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT:

“The Expect-CT will likely become obsolete in June 2021. Since May 2018 new certificates are expected to support SCTs by default. Certificates before March 2018 were allowed to have a lifetime of 39 months, those will all be expired in June 2021.”

So because certificates are expected to support SCTs by default I do not think that this header makes any sense.

When it comes to configuration according to https://scotthelme.co.uk/a-new-security-header-expect-ct/ max-age=0, report-uri= means:

“This policy is deployed in report-only mode and if the browser doesn’t receive CT information that it’s happy with, referred to as not being ‘CT Qualified’, rather than terminate the connection it will simply send a report to the specified report-uri value.”

Because I don’t have a URI here, the report will not be sent, so there is no additional security at all.

On the other hand, I see that some popular websites like LinkedIn still use this header. The example from LinkedIn:

Expect-CT: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
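
The two header values quoted in this question can be compared mechanically. The Python sketch below is an added example, not part of the original post: it parses the `max-age`, `enforce` and `report-uri` directives and classifies the policy as enforcing, report-only, or having no effect. The function names are illustrative.

```python
import re

# A directive is a name, optionally followed by "=" and a quoted or bare value.
_DIRECTIVE = re.compile(r'([A-Za-z-]+)(?:\s*=\s*("[^"]*"|[^,]*))?')


def parse_expect_ct(value):
    """Split an Expect-CT header value into {directive: value}."""
    directives = {}
    for name, raw in _DIRECTIVE.findall(value):
        # Directive names are case-insensitive; values may be quoted strings.
        directives[name.lower()] = raw.strip().strip('"')
    return directives


def assess_expect_ct(value):
    """Classify what an Expect-CT policy actually asks the browser to do."""
    d = parse_expect_ct(value)
    age = d.get("max-age", "")
    if not age.isdigit():
        raise ValueError("max-age is required and must be a non-negative integer")
    enforce = "enforce" in d
    report_uri = d.get("report-uri", "")
    if enforce:
        effective = "enforce"        # non-compliant connections are refused
    elif report_uri:
        effective = "report-only"    # violations are reported, not blocked
    else:
        effective = "none"           # nothing blocked, nowhere to report to
    return {"max_age": int(age), "enforce": enforce,
            "report_uri": report_uri, "effective": effective}


if __name__ == "__main__":
    # Both header values are taken from the question above.
    for header in ('max-age=0, report-uri=',
                   'max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"'):
        print(header, "->", assess_expect_ct(header))
```
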

google cloud platform – ERROR: (gcloud.app.deploy) Error Response: [13] Flex operation

PLS HELP!!! I already checked all the quotas and they seem to be fine. Don’t know what caused the error?

Updating service (default) (this may take several minutes)…failed.

ERROR: (gcloud.app.deploy) Error Response: [13] Flex operation projects/objreg-278609/regions/us-central1/operations/214e2dcc-8a7a-4204-898a-580dc14e6a97 error [INTERNAL]: An internal error occurred while processing task /appengine-flex-v1/insert_flex_deployment/flex_create_resources>2020-05-28T10:58:17.771Z15266.ow.8: Deployment Manager operation objreg-278609/operation-1590663498298-5a6b334c5f340-589a82aa-ed20dd6f errors: [code: "RESOURCE_ERROR"
location: "/deployments/aef-default-20200528t054325/resources/aef-default-20200528t054325"
message: "{"ResourceType":"compute.beta.regionAutoscaler","ResourceErrorCode":"403","ResourceErrorMessage":{"code":403,"errors":[{"domain":"usageLimits","message":"Exceeded limit 'QUOTA_FOR_INSTANCES' on resource 'aef-default-20200528t054325'. Limit: 8.0","reason":"limitExceeded"}],"message":"Exceeded limit 'QUOTA_FOR_INSTANCES' on resource 'aef-default-20200528t054325'. Limit: 8.0","statusMessage":"Forbidden","requestPath":"https://compute.googleapis.com/compute/beta/projects/objreg-278609/regions/us-central1/autoscalers","httpMethod":"POST"}}"
]

python – Using a dictionary template for consistent response structure from an API

There is no need to use deepcopy here. Just have a function that returns a new object when you need it. And while you’re at it, just make the message and the result parameters of that function. Or even all of them:

def json_response(message, result, status="ok", code=0, error=False):
    return {
        "status" : status,
        "code" : code,
        "error" : error,
        "message" : message,
        "result" : result
    }

@route('/example')
def example():
    result = {
        "title" : "Test Title",
        "body" : "<p>Lorem ipsum dolor sit amet...</p>"
    }
    return json_response("Success", result)

Having all as parameters, but with default values, allows you to do this in the future:

json_response("Failure", None, status="fail", code=404, error=True)

In the end it depends on how often you need to use this template whether or not this is better than just directly returning the dictionary explicitly:

@route('/example')
def example():
    return {
        "status" : "ok",
        "code" : 0,
        "error" : False,
        "message" : "Success",
        "result" : {
            "title" : "Test Title",
            "body" : "<p>Lorem ipsum dolor sit amet...</p>"
        }
    }

With 39m unemployed, 1.6m cases and 94,000 deaths, has Donald Trump’s Coronavirus response been a success or an abject failure?

If a leader lets his, or her followers die then that’s not a good leader. A leader can’t lead NOBODY.

Trump isn’t completely to blame, for the virus. The coronavirus was introduced to the USA just like the rest of the other countries around the world, but it never originated from the USA, so there is only 1 country to blame, for the coronavirus spreading around the world, and it’s China.

Download hundreds of links for images in my google response sheet of my google form assign new file name

I have hundreds of links for images in the google response sheet of my google form.

I need to download these images and assign them a file name so it matches the response number in my google sheet.

If I download the whole folder of my google drive, it would be difficult to track which image corresponds to the response.

Searches and what I know:

I can create script downloading the whole folder but it does not correspond to the order in the google form.

Has the Sweden model been the best response to the coronavirus?

Sweden has universal healthcare and a strong welfare state that allows them to isolate vulnerable individuals while everyone else carries on with some degree of normalcy.

These are the very policies that American conservatives have a habit of likening to communism and fascism.

The Sweden model with no safety net, forcing people to risk their health by going to work or be homeless, is downright sociopathic. And of course that’s what America has decided to adopt.

8 – CKeditor doesn’t work in controller response within a default theme

In a Drupal 8 project I’ve a controller which returns a form that contains a text_format field.

CKeditor is working perfectly in my administration theme (Stable), but it does not on the default theme.

I’ve tried to attach ckeditor core module libraries to the controller returned response with no results.

The role which I test with has permissions “Use simple HTML text format”, “Use full HTML text format”, also the role is checked on /admin/config/content/formats/manage/basic_html also on /admin/config/content/formats/manage/full_html.

my_module/src/Controller/MyController.php :

<?php

namespace Drupal\my_module\Controller;

use Drupal\Core\Controller\ControllerBase;
use Drupal\user\Entity\User;

/**
 * Provide user form.
 */
class MyController extends ControllerBase {

  /**
   * Return page content.
   */
  public function content() {
    // Load user edit form.
    $entity = User::load(\Drupal::currentUser()->id());
    $formObject = \Drupal::entityTypeManager()
      ->getFormObject('user', 'default')
      ->setEntity($entity);
    $form = \Drupal::formBuilder()->getForm($formObject);
    $render = \Drupal::service('renderer');
    $render_form = $render->renderPlain($form);
    return [
      '#theme' => 'customize_user_form',
      '#form' => $render_form,
      '#attached' => [
        // Attach ckeditor core module libraries.
        'library' => [
          'ckeditor/drupal.ckeditor',
          'ckeditor/drupal.ckeditor.stylescombo.admin',
          'ckeditor/drupal.ckeditor.admin',
          'ckeditor/drupal.ckeditor.plugins.drupalimagecaption',
        ],
      ],
    ];
  }

}

Results:

Any suggestions?

Many thanks.

amazon ec2 – understand http response

The 403 code means "forbidden", as you probably know. What follows the HTTP response code in your log files depends on the LogFormat directive that applies to your server / vhost / site / whatever. You may want to review the custom Apache log format and compare it against the contents of your Apache configuration file.

For example, on my computer (which serves only one website) the Apache configuration valid for the site (/etc/apache2/sites-available/000-default.conf) contains the following:

CustomLog ${APACHE_LOG_DIR}/access.log combined

That means my access log uses the nickname combined, which is defined in a separate, main Apache configuration file (/etc/apache2/apache2.conf) as follows:

LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

The 403 in your example corresponds to that %>s format flag. From the documentation:

%s - Status. For requests that have been internally redirected, this is the status of the original request. Use %>s for the final status.

This is followed by %O, i.e. the number of bytes sent:

%O - Bytes sent, including headers. May be zero in rare cases such as when a request is aborted before a response is sent. You need to enable mod_logio to use this.

So don't sweat the '199', which is just the number of bytes sent in your response. If your server sends exactly the same page every time, it may be just the number of characters in the HTML response.
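
The mapping from LogFormat directives to log fields can be made explicit by turning the format string into a parser. The Python sketch below is an added example, not part of the original answer: it compiles the combined format quoted above into a regular expression and pulls out `%>s` and `%O` as integers. The sample log line is constructed, and the function names are illustrative.

```python
import re

# The "combined" LogFormat string quoted in the answer above.
LOG_FORMAT = r'%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"'

# Body of a quoted field: Apache writes an embedded quote as \" in the log.
Q = r'(?:[^"\\]|\\.)*'
_FIELDS = {
    "%h": r"(?P<host>\S+)",
    "%l": r"(?P<ident>\S+)",
    "%u": r"(?P<user>\S+)",
    "%t": r"\[(?P<time>[^\]]+)\]",
    "%r": "(?P<request>" + Q + ")",
    "%>s": r"(?P<status>\d{3})",
    "%O": r"(?P<bytes_sent>\d+)",
    "%{Referer}i": "(?P<referer>" + Q + ")",
    "%{User-Agent}i": "(?P<user_agent>" + Q + ")",
}
_TOKEN = re.compile(r"%\{[^}]+\}i|%>?[A-Za-z]")


def compile_log_format(fmt):
    """Translate a LogFormat string into a compiled regex with named groups."""
    fmt = fmt.replace('\\"', '"')          # \" in the config is a literal quote
    pattern, pos = "", 0
    for m in _TOKEN.finditer(fmt):
        pattern += re.escape(fmt[pos:m.start()])
        pattern += _FIELDS[m.group()]      # KeyError on an unsupported directive
        pos = m.end()
    pattern += re.escape(fmt[pos:])
    return re.compile(pattern + "$")


_COMBINED = compile_log_format(LOG_FORMAT)


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = _COMBINED.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])          # %>s: final status
    rec["bytes_sent"] = int(rec["bytes_sent"])  # %O: bytes sent incl. headers
    return rec

# Constructed sample line (documentation IP range), not taken from a real log.
SAMPLE = '203.0.113.7 - - [28/May/2020:10:58:17 +0000] "GET /admin HTTP/1.1" 403 199 "-" "curl/7.68.0"'

if __name__ == "__main__":
    rec = parse_line(SAMPLE)
    print(rec["status"], rec["bytes_sent"], rec["request"])
```
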