Tuning My Content Security Policy

In my Getting Started With a Content Security Policy post, I set up a report-only CSP policy so that I could try and identify things that could test out a policy before implementing it. It is time to parse through the results and see what needs to be updated in my deployed policy. The original policy was very simple:

default-src https

Inspecting The Violations

I started trying to look at the current violations and I think it was clear that I had a rather permissive Content Security Policy because nothing much was being blocked. ...

October 16, 2022 · 2 min · Scott

Exporting CloudWatch Logs to S3

I had to figure out how to get logs from CloudWatch into S3. This task is actually pretty easy because AWS provides a very nice tutorial, Exporting log data to Amazon S3, that explains how to do this either via Console or CLI. My problem is that I needed to do this daily, so automating this task was my next struggle. The AWS tutorial provides details on setting up S3 and IAM for this solution so I won’t cover that here. I also found a great article by Omar Dulaimi that was the basis for my code (why completely reinvent the wheel?). With both of these laying the groundwork, I got right to putting this together. ...

October 9, 2022 · 6 min · Scott

Getting Started With a Content Security Policy

I recently needed to set up Content Security Policy (CSP) on a website and I couldn’t think of where to get started. The first question that came to mind was what all content do I allow and how do I test everything without having to look through all of the code on the site. This is where the Content-Security-Policy-Report-Only header can come into play. The short version is that this allows you to create a policy in report-only mode and you can collect the results at the endpoint specified via the report-uri directive. That’s great! I have what I need, but how do I collect what’s being reported by the clients to the report-uri and what do I use for the report-uri? This was a great place for me to begin testing out DigitalOcean Functions. ...

October 2, 2022 · 3 min · Scott

Connecting Slack to RSS Feeds

I wanted to be able to curate some of my favorite RSS feeds into a single location. There are an endless number of RSS readers and ways to do it but I wanted to use Slack since it’s on every device I use. Using Slack would also allow me to get notifications wherever I was. I could also easily share these articles with anyone that I thought would want to read them. ...

September 25, 2022 · 1 min · Scott

Configuring adminer for Oracle Databases

If you are not familiar with adminer, you can read more about it here. In short, it is a PHP script that allows you to manage various databases via a single interface. We have been successfully using the official adminer Docker image from Docker Hub for a number of different databases. We now have a need to add Oracle as one of those databases to use with adminer. This initially seemed like a simple task. The Docker Hub page states ...

September 18, 2022 · 7 min · Scott