@victorwhy
victorwhy / gist:45bb5637cd3e7e879ace
Last active February 21, 2023 11:17
How Sinatra routes PUT/PATCH and DELETE

HTML forms only support the GET and POST methods. Sinatra itself can route PUT, PATCH and DELETE, but to reach those routes from a browser form you kind of have to "trick" the form: submit it as a POST that carries the verb you actually want, and let Sinatra's method-override middleware rewrite the request method before routing. Once that is in place you can name the routes the proper way; otherwise you can only really work with GET and POST.

I used the Craigslist Jr challenge for some examples. Let's look at a quick example of a POST form, method and route. In this case, we're creating a new Craigslist article:

POST form and corresponding route:

```html
<form action="/article/new" method="post">
  <!-- YOUR FORM FIELDS HERE -->
</form>
```
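The "trick" itself, as an added example that is not code from the gist: a stand-in for what Sinatra's `Rack::MethodOverride` middleware does with the hidden `_method` field, in front of a toy router written in the style of `delete '/article/:id' do ... end`. `TinyApp`, `dispatch`, `DELETE_FORM` and the sample requests are constructed here for illustration; only the verb list and the "POST only" rule mirror the real middleware.

```ruby
# Added example, not code from the gist: a stand-in for what Sinatra's
# Rack::MethodOverride middleware does, plus a toy router in the style of
# `delete '/article/:id' do ... end`. TinyApp, dispatch and the sample
# requests are constructed here for illustration.
require 'uri'

# The verbs an override may select, the same list Rack::MethodOverride uses.
OVERRIDABLE_VERBS = %w[GET HEAD PUT POST DELETE OPTIONS PATCH LINK UNLINK].freeze

# Browsers can only submit forms as GET or POST, so the form posts with a
# hidden `_method` field and the middleware rewrites REQUEST_METHOD before
# routing. Only a POST is eligible: a GET carrying ?_method=DELETE is left
# alone, so a plain link or a prefetcher can never reach a destructive route.
def apply_method_override(env)
  return env unless env['REQUEST_METHOD'] == 'POST'

  params = URI.decode_www_form(env['rack.input'].to_s).to_h
  wanted = (params['_method'] || env['HTTP_X_HTTP_METHOD_OVERRIDE']).to_s.upcase
  return env unless OVERRIDABLE_VERBS.include?(wanted)

  env.merge('rack.methodoverride.original_method' => 'POST',
            'REQUEST_METHOD' => wanted)
end

# Minimal verb+path router standing in for Sinatra's DSL.
class TinyApp
  def initialize
    @routes = Hash.new { |h, verb| h[verb] = {} }
  end

  %w[get post put patch delete].each do |verb|
    define_method(verb) { |path, &handler| @routes[verb.upcase][path] = handler }
  end

  def call(env)
    handler = @routes[env['REQUEST_METHOD']][env['PATH_INFO']]
    return [404, {}, ['not found']] unless handler

    [200, {}, [handler.call]]
  end
end

APP = TinyApp.new
APP.get('/article/1')    { 'show article 1' }
APP.put('/article/1')    { 'updated article 1' }
APP.delete('/article/1') { 'deleted article 1' }

# The "tricked" form: method="post" on the wire, DELETE after the override.
DELETE_FORM = <<~HTML
  <form action="/article/1" method="post">
    <input type="hidden" name="_method" value="delete">
    <button type="submit">Delete article</button>
  </form>
HTML

# Run one constructed request through the override step and the router;
# returns [status, body] so the outcome can be checked directly.
def dispatch(method, path, body = '')
  env = { 'REQUEST_METHOD' => method, 'PATH_INFO' => path, 'rack.input' => body }
  status, _headers, chunks = APP.call(apply_method_override(env))
  [status, chunks.join]
end

if $PROGRAM_NAME == __FILE__
  p dispatch('POST', '/article/1', '_method=delete')          # DELETE route
  p dispatch('POST', '/article/1', '_method=put&title=New')   # PUT route
  p dispatch('GET',  '/article/1', '_method=delete')          # still GET
  p dispatch('POST', '/article/1', '_method=trace')           # not overridable
end
```

In a classic-style Sinatra app the real middleware is on by default; in a modular `Sinatra::Base` app you turn it on with `set :method_override, true` (or `use Rack::MethodOverride`). Two things worth keeping in mind: `_method` is attacker-controlled input that only changes which route is chosen, so authorization still belongs inside the PUT/DELETE handlers; and because only a POST can be rewritten, whatever CSRF protection you apply to POST forms also covers these overridden requests.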
anonymous
anonymous / index.html
Created July 6, 2016 02:37
```html
// source http://jsbin.com/yidipu
<script src="https://code.jquery.com/jquery.min.js"></script>
<link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" type="text/css" />
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
<script src="https://fb.me/react-with-addons-15.1.0.js"></script>
<script src="https://fb.me/react-dom-15.1.0.js"></script>
<div id="container"></div>
<script id="jsbin-javascript">
var TweetBox = React.createClass({displayName: 'TweetBox',
  getInitialState: function() {
    return {
      text: ""
```
@samsch
samsch / stop-using-jwts.md
Last active October 3, 2024 22:31
Stop using JWTs

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that the "valid" use cases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple different points:

  • The JWT specification is specifically designed only for very short-lived tokens (~5 minutes or less). Sessions