A passion for the web and clean code.


about the author Paul Heasley

I’m a .NET Technical Lead with an interest in UX / interface design. I have excellent communication skills, proven leadership ability and I’m passionate about producing products that are a joy to use.

I’m also a Microsoft Certified Professional Developer and Certified ScrumMaster.


Using OWASP ZAP to test for CORS origin reflection exploits

posted on 15 June 2020 in infosec with 0 Comments

Cross-Origin Resource Sharing (CORS) is the mechanism a server uses to relax the browser’s same-origin policy, which otherwise stops a page from reading the response to a request it makes to another origin. Without that policy, any site you visited could make authenticated requests via JavaScript to other sites you are logged into (the target site’s cookies are sent with the request) and read the responses, stealing your data. CORS is easily misconfigured, though, and a misconfiguration becomes a vulnerability in your site. One particular misconfiguration is CORS origin reflection: the server checks the Origin request header against a whitelist (often a regular expression) and, if it matches, echoes the origin back in the Access-Control-Allow-Origin response header. A poorly written regex lets unintended domains through, and when the response also carries Access-Control-Allow-Credentials: true, a page on one of those domains can read authenticated responses from your site.

In this post I’ll walk you through using OWASP ZAP to manually test a list of domain names passed as origins to a web server, and evaluate whether they are reflected in the allowed CORS origins.
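The checks described above, as an added example that is not code from the original post. It simulates a server that validates Origin with a regex and reflects it, runs the same kind of candidate-origin list you would replay through ZAP against it, and flags the origins that come back with credentials but were never meant to be allowed. The two regexes, the candidate list and the server behaviour are all constructed assumptions for the example, not any real site’s configuration.

```python
import re

# Constructed allow-list patterns (assumptions for this example). The weak one is
# a typical mistake: the dot is escaped, but the pattern is anchored at neither end.
WEAK_ALLOWED_ORIGIN = re.compile(r"https://[a-z0-9.-]*example\.com")
STRICT_ALLOWED_ORIGIN = re.compile(r"^https://(www\.)?example\.com$")

# Origins a tester would send one at a time (e.g. via ZAP's manual request editor).
# The first two are legitimate; the rest probe the regex from different angles.
CANDIDATE_ORIGINS = [
    "https://example.com",
    "https://www.example.com",
    "https://example.com.attacker.net",   # legitimate host as a prefix of another domain
    "https://attacker-example.com",       # legitimate host as a suffix
    "https://attackerexample.com",
    "http://example.com",                 # scheme downgrade
    "https://evil.net",
    "null",                               # sandboxed iframes and file:// pages send Origin: null
]


def simulated_cors_server(origin, allowed):
    """Stand-in for a server that validates Origin with `allowed` and reflects it.

    Returns the CORS response headers it would send. Credentials are allowed
    whenever the origin matches, which is the combination that turns a weak
    regex into a data-theft bug.
    """
    headers = {}
    if origin is not None and allowed.search(origin):
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Credentials"] = "true"
        headers["Vary"] = "Origin"
    return headers


def classify(origin, headers):
    """Judge one request/response pair the way you would in ZAP's History tab.

    Returns (reflected, exploitable): reflected means the exact Origin came back
    in Access-Control-Allow-Origin; exploitable additionally requires
    Access-Control-Allow-Credentials: true, without which the attacker's page
    cannot read an authenticated response.
    """
    acao = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    reflected = acao is not None and acao == origin
    return reflected, reflected and creds


def find_unintended_origins(allowed, legitimate, origins=CANDIDATE_ORIGINS):
    """Return the candidate origins reflected with credentials that are not in `legitimate`."""
    leaks = []
    for origin in origins:
        _, exploitable = classify(origin, simulated_cors_server(origin, allowed))
        if exploitable and origin not in legitimate:
            leaks.append(origin)
    return leaks


if __name__ == "__main__":
    legit = {"https://example.com", "https://www.example.com"}
    print("weak regex leaks:  ", find_unintended_origins(WEAK_ALLOWED_ORIGIN, legit))
    print("strict regex leaks:", find_unintended_origins(STRICT_ALLOWED_ORIGIN, legit))
```

Against a real target you replace `simulated_cors_server` with the actual request and inspect the response headers; the judgement in `classify` is the same. A reflected origin without Allow-Credentials is worth noting but not exploitable for cookie-authenticated data, and an `Access-Control-Allow-Origin: *` response is never a reflection (the browser refuses to pair it with credentials), so `classify` reports it as not reflected.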


WTForms SelectField with Custom Option Attributes

posted on 14 May 2020 in programming with 0 Comments

I was surprised to run into this problem in my Flask app. I needed to pass a custom attribute to one of the options in a select list provided by WTForms (in my case I wanted to set the first option as disabled), but it turns out that this is a common problem with lots of workarounds.

Here’s a nice clean solution to pass those custom attributes, keeping the built-in SelectField, but using a custom widget which supports providing attributes for any of the options via a keyed dictionary.


Simple, Cost Effective ECS Service Communication

posted on 07 February 2020 in programming with 0 Comments

Three Docker containers want to communicate with each other. They live on a single host with no scaling, so it should be a trivial problem, right? If you’re hosting them on AWS ECS you can use ECS Service Discovery, but for this simple scenario it’s costly and overly complex. Here’s a cheaper, simpler way.


Notepad++ TextFX 0.25 x64

posted on 01 May 2019 in programming with 0 Comments

There are plenty of posts about why you shouldn’t need TextFX for Notepad++ anymore, but if you’re feeling nostalgic I’ve got you covered: here’s the binary for x64 systems, compiled from the sources.


Using CSS Modules with Angular, TypeScript and Bootstrap

posted on 21 February 2018 in programming with 0 Comments

CSS is simultaneously the simplest and the hardest programming language. What could be simpler than selectors, properties and values? And yet how quickly CSS becomes an overwhelming mess, paralysing unsuspecting developers who are too afraid to change a style because it’s hard to find and test all its usages, so they just add another style to the mess.

CSS Modules aims to alleviate a lot of these problems by scoping styles to a specific component, so other page styles won’t conflict with your component and your styles won’t leak onto other areas of the page.


Faster AngularJS tests using the component driver pattern

posted on 13 February 2018 in programming with 0 Comments

When writing tests I prefer to test multiple functions and their interactions at once, rather than constraining a test to a single function or unit. This ensures that the test operates in a more realistic way, and avoids maintaining unnecessary tests over code paths that can’t be reached.

Protractor e2e tests for AngularJS interact directly with the DOM and usually provide more value than unit tests. I’m not interested in whether a controller behaves a certain way; I’m more interested in what happens when a user clicks a certain button on a page. But Protractor tests are slow. In the largest AngularJS project I manage, there are over 300 Protractor tests that take up to 15 minutes to complete, which is a very slow feedback loop. To bring the test time down I’m turning back to AngularJS unit tests, using the component driver pattern so the tests can still inspect and interact with DOM elements.


Write AngularJS like it's 2018

posted on 07 February 2018 in programming with 0 Comments

When React became mainstream it changed the way we thought about writing single page JavaScript applications: it promoted readability and maintainability over abstracting complex interactions. These principles resonated with the JavaScript community and influenced the development of Angular; unfortunately many of us are still stuck maintaining AngularJS (Angular 1.x) apps that are growing ever more complex.

This post presents 9 tips for writing better AngularJS based on more modern principles. These tips are the distilled learnings from working with a team of developers managing an AngularJS app over the last 3 years that has grown to over 25,000 lines of Angular.


Vanilla MVVM for Xamarin Forms

posted on 19 December 2017 in programming with 0 Comments

Want to do MVVM without the frameworks? Xamarin Forms provides everything we need to implement the pattern and make our ViewModels testable.

Note that some naming, patterns and code have been borrowed from the excellent FreshMVVM framework. This is a great lightweight framework to get started with if you don’t want to roll your own.

Simply put, MVVM helps us to abstract any UI logic out of the View and into a ViewModel to make it testable, while the data and business logic remains in the Model.

To avoid boilerplate code we’re going to create a couple of base classes, one for our Views, and one for our ViewModels.


Advanced Redux in Xamarin Part 3: Database Middleware

posted on 21 July 2017 in programming with 0 Comments

In this final post in the series on advanced Redux in Xamarin, we’ll look at how to integrate a local database with Redux by writing Middleware that intercepts CRUD Actions and applies them to our database.


Advanced Redux in Xamarin Part 2: Persistent Actions Middleware

posted on 20 July 2017 in programming with 0 Comments

In this second post in the series on advanced Redux in Xamarin, we’ll look at how to persist Actions so application state can be restored when the app restarts. We’ll do this by creating Middleware that intercepts each Action and saves it to a persistent store, then rehydrates the application state from that store on app startup.
