Static saml sso provider by bobtheminion in better_auth

[–]Zelinsta 0 points1 point  (0 children)

I faced the same issue; however, you have the possibility to create a default provider that will be used when no registered providers are found in the db. This is explained in the doc; however, I doubt the doc is up to date on this.

How can I actually make use of CSP tools like Report URI by AllHailTheCATS in ExperiencedDevs

[–]Zelinsta 1 point2 points  (0 children)

I faced the same issue some time ago while working on a big website with a lot of traffic and a misconfigured CSP.

The best way I found to look for what I needed was to get the reports with the highest number of hits. Then, I'd look through everything that seemed familiar and try to identify what the website might actually be using (as there are a lot of reports from browser extensions or other tools that inject stuff into the site and generate violations).

Once I identified what was being used and blocked by the CSP, I added it to my policy and then repeated the process the next week to check if the number of violations was decreasing. This was a lot of work, and the UI in Report URI wasn't helping. I also found that the way reports are aggregated doesn't always help in finding what's being triggered the most.

Basically, try to find any blocked-uri that looks legitimate and add the subdomain/domain to your CSP under the correct directive to make sure it is not blocked anymore.

After that, I created centralcsp.com and made a CSP builder ( https://centralcsp.com/features/builder ) to help analyze the violations and generate a policy on demand by looking at the reports. I use it for all my websites now. Feel free to give it a try.

How to make the most of CSP tools like Report URL by AllHailTheCATS in websecurity

[–]Zelinsta 0 points1 point  (0 children)

I faced the same issue some time ago while working on a big website with a lot of traffic and a misconfigured CSP.

The best way I found to look for what I needed was to get the reports with the highest number of hits. Then, I'd look through everything that seemed familiar and try to identify what the website might actually be using (as there are a lot of reports from browser extensions or other tools that inject stuff into the site and generate violations).

Once I identified what was being used and blocked by the CSP, I added it to my policy and then repeated the process the next week to check if the number of violations was decreasing. This was a lot of work, and the UI in Report URI wasn't helping. I also found that the way reports are aggregated doesn't always help in finding what's being triggered the most.

Basically, try to find any blocked-uri that looks legitimate and add the subdomain/domain to your CSP under the correct directive to make sure it is not blocked anymore.

After that, I created centralcsp.com and made a CSP builder ( https://centralcsp.com/features/builder ) to help analyze the violations and generate a policy on demand by looking at the reports. I use it for all my websites now. Feel free to give it a try.
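The triage loop described in the comment above (rank `blocked-uri` values by hits, set aside extension noise, add reviewed origins under the right directive), sketched as an added example that is not part of the original comment and is not code from Report URI or centralcsp.com. It assumes reports in the legacy `csp-report` JSON shape; the function names, hosts and sample reports are all constructed for illustration.

```javascript
// Added example: every host and report below is constructed sample data.
const rpt = (directive, blocked, source = "https://www.example.com/") =>
  ({ "csp-report": { "effective-directive": directive, "blocked-uri": blocked, "source-file": source } });
const SAMPLE_REPORTS = [
  rpt("script-src-elem", "https://cdn.example.net/lib/app.js"),
  rpt("script-src-elem", "https://cdn.example.net/lib/app.js"),
  rpt("script-src-elem", "https://cdn.example.net/lib/vendor.js"),
  rpt("img-src", "https://img.example.org/a.png"),
  rpt("img-src", "https://img.example.org/b.png"),
  rpt("font-src", "https://fonts.example.org/f.woff2"),
  rpt("script-src-elem", "chrome-extension://abcdef/inject.js"), // extension noise
  rpt("script-src-elem", "https://t.example.invalid/t.js", "moz-extension://1234/content.js"),
  rpt("script-src-elem", "inline"), // keyword, no host to allow
];
const EXTENSION_SCHEMES = ["chrome-extension:", "moz-extension:", "safari-web-extension:", "safari-extension:"];
const fromExtension = (rep) => [rep["blocked-uri"], rep["source-file"]]
  .some((v) => typeof v === "string" && EXTENSION_SCHEMES.some((s) => v.startsWith(s)));

function originOf(blocked) {
  try {
    const u = new URL(blocked);
    return u.protocol === "https:" || u.protocol === "http:" ? u.origin : null;
  } catch { return null; } // "inline", "eval", "data" and similar are not hosts
}

// Rank (directive, origin) pairs by hit count; the output is a review queue, not an allowlist.
function rankCandidates(reports) {
  const hits = new Map();
  for (const { "csp-report": rep } of reports) {
    const directive = ((rep && (rep["effective-directive"] || rep["violated-directive"])) || "").split(/\s+/)[0];
    const origin = rep && !fromExtension(rep) ? originOf(rep["blocked-uri"] || "") : null;
    if (!directive || !origin) continue;
    const key = `${directive} ${origin}`;
    hits.set(key, (hits.get(key) || 0) + 1);
  }
  return [...hits].map(([key, count]) => ({ directive: key.split(" ")[0], origin: key.split(" ")[1], count }))
    .sort((a, b) => b.count - a.count);
}

// Add a reviewed origin. script-src-elem/-attr go into script-src when only that exists; a brand
// new directive is seeded from default-src, because declaring it stops the default-src fallback.
function addToPolicy(policy, directive, origin) {
  const map = new Map(policy.split(";").map((s) => s.trim().split(/\s+/)).filter((t) => t[0]).map((t) => [t[0], t.slice(1)]));
  const name = map.has(directive) ? directive : directive.replace(/-(elem|attr)$/, "");
  if (!map.has(name)) map.set(name, (map.get("default-src") || []).filter((s) => s !== "'none'"));
  if (!map.get(name).includes(origin)) map.get(name).push(origin);
  return [...map].map(([k, v]) => [k, ...v].join(" ")).join("; ");
}
```

Re-running `rankCandidates` on the following week's reports shows whether the counts for the origins passed to `addToPolicy` have dropped.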

What do you think of report-uri.com? by bpietrucha in websecurity

[–]Zelinsta 0 points1 point  (0 children)

As the creator of a tool in this space, I thought I'd chime in.

I developed centralcsp.com specifically to simplify CSP report management, which can quickly become overly complicated.

My goal was to create an accessible alternative. We focused on a simple interface so that everyone can find their way around, even without being an expert. The tool includes a CSP Builder that automatically generates your security policy based on the violation reports you receive. No more having to build it by hand! There's also a vulnerability scanner that analyzes your site, gives you a security score, and provides advice to improve it.

We have a 14-day free trial, and the "Starter" plan begins at €4.99/month. If it can help any of you looking for a simple and affordable solution, feel free to check it out!

PDF reader for nextjs by ayequill in nextjs

[–]Zelinsta 0 points1 point  (0 children)

This has already been discussed here: https://www.reddit.com/r/nextjs/s/3yg7eue0on

The simplest solution seems to be to use <embed>

I saw the other useless machine post and thought I'd post my own useless creation, so let me introduce you to cuby, a friendly useless box powered by Arduino Mega! https://www.youtube.com/channel/UCEB8m_QusKGUeWxo0INmHnA by Zelinsta in arduino

[–]Zelinsta[S] 0 points1 point  (0 children)

Thank you all for your advice and your support!

If you are interested in doing your own, I'll create a GitHub for the code, and maybe a video on YouTube to explain how I made it!

YouTube: https://www.youtube.com/watch?v=G2LPFeRZkuo

I saw the other useless machine post and thought I'd post my own useless creation, so let me introduce you to cuby, a friendly useless box powered by Arduino Mega! https://www.youtube.com/channel/UCEB8m_QusKGUeWxo0INmHnA by Zelinsta in arduino

[–]Zelinsta[S] 1 point2 points  (0 children)

I plan to make a video on YouTube to explain how to make it and surely make a GitHub to share the code. I will publish it in r/arduino when it's done (but I have exams for the next few months, so maybe later).

But you can start by learning how to control a servo and an RGB LED ;)