On the subtleties of URL parsing

A recent side project of mine has been to write a scalable crawler which looks for broken resources (links, stylesheets, …) on a website. This project is meant to replace an existing crawler written in PHP with a more efficient implementation in golang. Part of writing a crawler includes parsing URLs on pages. Thankfully golang has the url.Parse method which makes this job easy, though there are a couple of caveats to look out....

January 9, 2021 · 2 min · Me

How to handle CSP reports

Content Security Policy (CSP) is an added layer of security that helps mitigate certain types of attacks, like Cross-Site Scripting and data injection attacks. CSP is a pretty powerful tool that defines what content on your website is allowed to be parsed/executed. On top of that, it is relatively easy and relatively low risk (compared to HSTS or HPKP) to deploy, since the browser doesn’t cache content security policies....

August 21, 2019 · 2 min · Me

TLS 1.3 arrived!

On February 25th, Go 1.12 was released with opt-in support for TLS 1.3. With the 0.11.5 release of caddy, which builds on Go 1.12, caddy finally supports TLS 1.3. This also means that this site and (most of) the services I run now support TLS 1.3. This site now supports TLS 1.3! Yay! TLS 1.3 is the latest version of the TLS protocol, with many improvements. These improvements include: mandatory perfect forward secrecy; weak hash functions and ciphers got removed; dropped support for many insecure or obsolete features including compression, renegotiation, non-AEAD ciphers, non-PFS key exchange, custom DHE groups and more; and more (full list). Not only is TLS 1....

March 5, 2019 · 1 min · Me