This design must be aware of the OAuth2 thread models and mitigation strategies as described in the following resources:
A host of vulnerabilities can be removed by pinning redirect_uri, scope, response_type (read: allowed grants for each client) variables in client settings when registering clients (apps).
Turn this cute YouTube cat video into a briefer-but-still-cute GIF:
| http://devstreaming.apple.com/videos/wwdc/2015/217wu453thu1r1/217/217_hd_adopting_new_trackpad_features.mp4?dl=1 | |
| http://devstreaming.apple.com/videos/wwdc/2015/2267p2ni281ba/226/226_hd_advanced_nsoperations.mp4?dl=1 | |
| http://devstreaming.apple.com/videos/wwdc/2015/233l9q8hj9mw/233/233_hd_advanced_touch_input_on_ios.mp4?dl=1 | |
| http://devstreaming.apple.com/videos/wwdc/2015/224o6pqmtb4ik/224/224_hd_app_extension_best_practices.mp4?dl=1 | |
| http://devstreaming.apple.com/videos/wwdc/2015/2048w4vdjhe1i1m/204/204_hd_apple_watch_accessibility.mp4?dl=1 | |
| http://devstreaming.apple.com/videos/wwdc/2015/232f1zopzycv/232/232_hd_best_practices_for_progress_reporting.mp4?dl=1 | |
| http://devstreaming.apple.com/videos/wwdc/2015/213w6grumlfm0q/213/213_hd_building_apps_with_researchkit.mp4?dl=1 | |
| http://devstreaming.apple.com/videos/wwdc/2015/234reaz1byqc/234/234_hd_building_document_based_apps.mp4?dl=1 | |
| http://devstreaming.apple.com/videos/wwdc/2015/2313dt427pmq/231/231_hd_cocoa_touch_best_practices.mp4?dl=1 | |
| http://devstreaming.apple.com/vide |
| # requirement! install imagemagick | |
| # brew install imagemagick | |
| # or build from source here http://www.imagemagick.org/script/binary-releases.php | |
| #navigate to folder of the images | |
| cd folderofmyimages/ | |
| # take every jpg in the folder and smash into a gif with a frame rate of 0.5 sec | |
| convert -delay 50 *.jpg gif_of_my_images.gif |
| var traverse = function(o, fn) { | |
| for (var i in o) { | |
| fn.apply(this,[i,o[i]]); | |
| if (o[i] !== null && typeof(o[i])=="object") { | |
| traverse(o[i], fn); | |
| } | |
| } | |
| } | |
| // usage |
While this gist has been shared and followed for years, I regret not giving more background. It was originally a gist for the engineering org I was in, not a "general suggestion" for any React app.
Typically I avoid folders altogether. Heck, I even avoid new files. If I can build an app with one 2000 line file I will. New files and folders are a pain.
| // 4 spaces to 2 spaces | |
| %s;^\(\s\+\);\=repeat(' ', len(submatch(0))/2);g | |
| // Tab to 2 spaces | |
| :%s/\t/ /g |
| <!-- Load Feather code --> | |
| <!-- <script type="text/javascript" src="http://feather.aviary.com/js/feather.js"></script> --> | |
| <script type="text/javascript" src="https://dme0ih8comzn4.cloudfront.net/js/feather.js"></script> | |
| <!-- Instantiate Feather --> | |
| <script type='text/javascript'> | |
| var featherEditor = new Aviary.Feather({ | |
| apiKey: 'API_KEY', | |
| // apiKey: '<%= ENV['AVIARY_KEY'] %>', | |
| apiVersion: 3, |
| // | |
| // API.swift | |
| // | |
| // Created by Taro Minowa on 6/10/14. | |
| // Copyright (c) 2014 Higepon Taro Minowa. All rights reserved. | |
| // | |
| import Foundation | |
| typealias JSONDictionary = Dictionary<String, AnyObject> |
| class ApiController < ApplicationController | |
| # define which model will act as token authenticatable | |
| acts_as_token_authentication_handler_for Login | |
| # Prevent CSRF attacks by raising an exception. | |
| # For APIs, you may want to use :null_session instead. | |
| protect_from_forgery with: :null_session | |
| respond_to :json | |
| skip_before_filter :verify_authenticity_token, if: :json_request? |
