@nelhage
nelhage / make_yaml_safe.rb
Last active December 10, 2015 23:08
Neuter YAML to help mitigate CVE-2013-0156-style attacks.
# The fact that YAML.load will instantiate arbitrary ruby objects
# means that calling `YAML.load` on untrusted data is virtually always
# equivalent to executing arbitrary code in a complex app.
# This code fragment globally neuters YAML to disable this behavior,
# which should (hopefully) cut off all such attacks from the start.
# I don't promise this closes all possible attacks, but this closes
# off the trivial case. You should audit and upgrade all your
# dependencies, as well.
@gavinhungry
gavinhungry / nginx-tls.conf
Last active October 20, 2025 00:46
Nginx SSL/TLS configuration for "A+" Qualys SSL Labs rating
#
# Name: nginx-tls.conf
# Auth: Gavin Lloyd <[email protected]>
# Desc: Nginx SSL/TLS configuration for "A+" Qualys SSL Labs rating
#
# Enables HTTP/2, PFS, HSTS and OCSP stapling. Configuration options not related
# to SSL/TLS are not included here.
#
# Additional tips:
#

2015-01-29 Unofficial Relay FAQ

Compilation of questions and answers about Relay from React.js Conf.

Disclaimer: I work on Relay at Facebook. Relay is a complex system on which we're iterating aggressively. I'll do my best here to provide accurate, useful answers, but the details are subject to change. I may also be wrong. Feedback and additional questions are welcome.

What is Relay?

Relay is a new framework from Facebook that provides data-fetching functionality for React applications. It was announced at React.js Conf (January 2015).