This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2019-03-28
Hi, everyone. Why does ClojureScript add a redundant \ ?
I have this regex
(def youtube-regex #"(?:youtube\.com\/\S*(?:(?:\/e(?:mbed))?\/|watch\?(?:\S*?&?v\=))|youtu\.be\/)([a-zA-Z0-9_-]{6,11})")
(def youtube-link "")
(re-matches youtube-regex youtube-link)
console states about error Uncaught SyntaxError: Invalid regular expression flags
and regexp looks like this
chromex_sample.background.core.youtube_regex = /(?:youtube\.com\\/\S*(?:(?:\\/e(?:mbed))?\\/|watch\?(?:\S*?&?v\=))|youtu\.be\\/)([a-zA-Z0-9_-]{6,11})/;
Or above regexp has errors?
sources are here https://github.com/maximtop/tabs-builder
Solution was found. Not like in the JS, ClojureScript escapes slashes himself. So I've removed all redundant escapes and now the regexp works as supposed to
@nathantech2005, @dnolen, @kwladyka, having slept on it, my eye went right to the problem -- I wasn't actually throwing the js/Error, I was calling it as a function. Having fixed that, this clause works just fine ... (is (thrown? js/Object (ig/unique #{:just-me :no-theres-me-too!}))). Before the thrown? was failing because it wasn't actually uh, thrown. Sorry for the confusion. Boy am I dumb. 😳
Would you mind posting the old and new code... did you just need another ( ) ?
Or 1 less ( )... calling it as a function
Sure. Old and bad:
(let [error-msg (str "Non-unique: " coll)]
  #?(:clj (throw (Exception. error-msg))
     :cljs (js/Error. error-msg)))
New and good:
(let [error-msg (str "Non-unique: " coll)]
  #?(:clj (throw (Exception. error-msg))
     :cljs (throw (js/Error. error-msg))))
I suppose I could also have moved one of the parens.
and the :clj reader macro
ahh, makes a lot more sense, need the throw added in there
Yeah, and in retrospect the log traces pointed to this problem, but I'm just starting in with this javascript stuff, and I didn't know what I was looking at.
Anyone experience a firefox issue where looping requestAnimationFrame seems to fire once every second? It’s fast on Chrome and Safari but crawls on Firefox. https://codepen.io/jayzawrotny/pen/XGLoKx?editors=0012
Like in Chrome and Safari, 25 frames are logged in < 1 second. In Firefox it takes 25 seconds.
Looks like it might be codepen causing this behavior. Happens for me on your link but not in fullview. https://codepen.io/jayzawrotny/full/XGLoKx
Might be the iframe
> You should call this method whenever you're ready to update your animation onscreen. This will request that your animation function be called before the browser performs the next repaint. The number of callbacks is usually 60 times per second, but will generally match the display refresh rate in most web browsers as per W3C recommendation. requestAnimationFrame() calls are paused in most browsers when running in background tabs or hidden <iframe>s in order to improve performance and battery life.
https://developer.mozilla.org/en-US/docs/Web/API/window/requestAnimationFrame
What do you use for Single Page Application with Single Sign On? When I add things like Access-Control-Allow-Origin, Access-Control-Allow-Credentials, redirections etc. to the concerns, I am confused about choosing solutions and tools in Clojure / ClojureScript for this purpose.
At that moment I have http://auth.foo.com http://spa1.foo.com, http://spa2.foo.com etc. So everything is in one domain, but who knows the future
So for example Access-Control-Allow-Credentials true will make an issue about injecting JS in one of the SPAs, so I would like to avoid it. So what is left? Only redirections can be considered secure?
If you ever run into cross domain problems... I hack it by hiding everything behind an nginx proxy
I can also bypass content site policies
Use nginx to bypass CORS
Nginx can mask domains as the same domain
Hide the real domain. Pass thru. No header modifications.
so you mean you change under the hood http://foo.com , http://bar.com, http://baz.com to http://foo.one-domain.com, http://bar.one-domain.com etc.?
Helps solve CORS problems on API calls
Makes the server think it is on 1 domain
Well... subdomains don't trigger cross site problems
Only different root domains cause problems with CORS
Hmm I am testing it locally by dev.localhost
and I have to set Access-Control-Allow-Credentials: true to make it work
On CORS? Let me check
I send query by https://github.com/JulianBirch/cljs-ajax (goog.net.XhrIo)
Ahhh ok... you are correct
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
Request.credentials set to "include" is triggering it
additional issue is redirection, so user come to http://spa1.foo.com/path, redirect to login to http://auth.foo.com, but needs to back to http://spa1.foo.com/path
I would like to use library which already solved this issue, but I don’t see it for clj /cljs unless I don’t understand something 🙂
> Request.credentials set to “include” is triggering it
Yes I have it also set in FE
I think you need an RFC 5471 compliant library
There is a new cross site solution being used but it's brand new
Let me search
It will be great if you can recommend me something to use or tell how to do it right and secure.
Oauth is more for 3rd party google logins
Did you see the ring-cors library?
> Did you see the ring-cors library?
I didn’t. I was focused on Single Sign On solution, but maybe I should make smaller steps, because there is no such library at that moment
https://security.stackexchange.com/questions/123383/cross-domain-session-standardization
Terminology is called "single sign on"
I guess Oauth does support it
So… there is no other way: I have to care about Access-Control-Allow-Origin, Access-Control-Allow-Headers, Access-Control-Allow-Credentials myself using ring-cors or whatever solution. Additionally I have to care myself about redirections when login? Combining both I will solve my issue?
I would have used nginx for this
It takes away all the library dependent challenge problems
you mean you will set Access-Control-Allow-Origin, Access-Control-Allow-Headers, Access-Control-Allow-Credentials by nginx proxy?
I have bypassed CORS with nginx
No need to set CORS
I'd have to check if nginx proxy can share sessions
So redirection works
mmm but on dev.localhost
I have to set all these parameters to work in the same domain, but different port.
It is involved
Still I am not sure if solving CORS is really what I need for a Single Sign On solution. I mean it is connected, but not sure if it is the right way to achieve the goal.
Yes. For redirects.
It solves cross domain problem
I would have kept the auth server on the main domain
Personally... I'd use nginx
Proxy alias it
But it's my own hack... not standard
Because oauth2 will need libraries to support it
If you can find stable library... then ok
How about raw JS libraries?
You can also load react libraries into cljs
But JS npm is always breaking stuff
I'd prefer a server solution
I'd test if clojure-cors can handle redirects
Or move the auth server onto the main domain
Is this for a company or just personal?
Ya... that's why I ask... what is it for
well it is a project which will become a company if I finish it 🙂 Besides that I want to learn how to do it right.
Ok... move auth to main domain
And use cors library
Then you just need cors for any ajax calls
Redirection is from having a different auth system on a subdomain?
But I am afraid about injecting JS a little. Some of this SPA will deal with JS rendering as template.
Any templates need sanitized
That is XSS attack
*redirections - http://spa1.foo.com/path -> http://auth.foo.com -> http://spa1.foo.com/path
If anything... allowing redirections opens up more security problems
Because I can authorize off that http://auth.foo.com server by middle man
I can middle man attack if redirections are allowed
Another reason to keep auth on the main domain
Oauth uses a handshake
It is not a 1 way message
Better make sure to set HSTS too
Or I can force drop SSL on a man in middle
I hacked my own corporate logins before... no HSTS
Ya. Don't do that unless you have a pen testing contract. Highly illegal.
So summarise this up:
1) I can use http://foo.com and subdomains with Access-Control-Allow-Origin, Access-Control-Allow-Headers, Access-Control-Allow-Credentials, Strict-Transport-Security + care about redirections for login purpose.
2) OAuth2, but there is no library to recommend
Oauth2 is really client side from my understanding
Server side... would be things like sessions
Shared sessions on the backend
there is buddy, but authentication there is not for SPA SSO. Unless maybe use buddy for redirections (OAuth) but handle CORS myself hmm
There is Oauth2 server side?
Ahhh I understand
I need to do a break, it blows up my minds. Still not sure what to do. But maybe there is no ready to use full solution. Maybe I need to care about this CORS part myself
You want to setup your own Oauth2 Server... gotcha
I haven't done that, yet
Sounds fun though
Ya, take a break. Maybe we can collab on github
But as I understand OAuth2 solutions can be different and do authentication in different ways
Put your stuff on github
Maybe community needs a library
there is https://github.com/mbuczko/cerber-oauth2-provider but it looks very fresh
> Maybe community needs a library
At least I need a library or documentation on how to achieve it in clj / cljs 🙂 But…. maybe I can just use a Java library or something. I don’t know what is the right way to do it.
Well… OAuth probably support it, but when looking closer on libraries there is no good support for SPA
re-find says it returns a vector
>> Returns the first regex match, if any, of s to re, using
re.exec(s). Returns a vector, containing first the matching
substring, then any capturing groups if the regular expression contains
capturing groups.
but (re-find #"ab" "ab") => "ab"
but my real question is how to group things into an or clause without capturing. ie, (re-find #"(a|b)?c" "ac")
without capturing junk but just the notion, "a or b or neither and a c". as the capturing group changes the return type from string to vector of string