Writing code can be tough and writing clean code can be even more difficult some times. When you get on a roll and put together highly functional and imaginative code, it might not always look the greatest. Also, when crunched for time, it can be very difficult to go back over the code and attempt to make it as pretty as possible. You might also need to make sure other files used by your code are also formatted properly. Next, add in multiple developers, and you’ve got yourself something that can grow uglier over time. Much of these issues can be addressed by using <a href="https://pre-commit.com/" rel="noreferrer noopener" target="_blank">pre-commit</a> hooks in your Python code’s github repo. ...

I’ve been using DigitalOcean for quite some time now and had recently setup their App Platform to run my website. Their platform is great in that I’m able to build a docker container running Openresty and it handles all of my needs. The platform does a great job of catching docker build failures and stops attempting a deployment when this happens. A few weeks ago, I had a concerning thought in that they don’t catch problems with my Openresty configuration until it’s too late. The moment their platform executes openresty inside the container, everything pukes and my site goes offline. ...

In my Getting Started With a Content Security Policy post, I setup a report only CSP policy so that I could try and identify things that could test out a policy before implementing it. It is time to parse through the results and see what needs to be updated in my deployed policy. The original policy was very simple default-src https Inspecting The Violations I started trying to look at the current violations and I think it was clear that I had a rather permissive Content Security Policy because nothing much was being blocked. ...

I had to figure out how to get logs from CloudWatch into S3. This task is actually pretty easy because AWS provides a very nice tutorial, Exporting log data to Amazon S3, that explains how to do this either via Console or CLI. My problem is that I needed to do this daily so automating this task was my next struggle. The AWS tutorial provides details on setting up S3 and IAM for this solution so I won’t cover that here. I also found a great article by Omar Dulaimi that was the basis for my code (why completely reinvent the wheel?). With both of these laying the ground work, I got right to putting this together. ...

I recently needed to setup Content Security Policy (CSP) on a website and I couldn’t think of where to get started. The first question that came to mind was what all content do I allow and how do I test everything without having to look through all of the code on the site. This is where the Content-Security-Policy-Report-Only header can come into play. The short version is that this allows you to create a policy in report only mode and you can collect the results at the endpoint specified via the report-uri directive. That’s great! I have what I need but how do I collect what’s being reported by the clients to the report-uri and what do I use for the report-uri? This was a great place for me to begin testing out DigitalOcean Functions. ...