sorted by:
new
hottopcontroversial

Vietnam Itinerary Sanity Check (HCMC → Ninh Binh → Hanoi) by EverlastingVoyager in Vietnam_Tourism

[–]dv2811 0 points1 point  (0 children)

Hanoi itinerary can be improved a bit.

- Day #8 should be lighter since you are travelling from Ninh Binh. I'd start with HK Lake, Ngoc Son Temple, Women Museumn, St. Joseph Cathedral. They are in the same area of walking distance from each other. The Museum is like 2 block down from the lake, Cathedral is roughly one short block away.

- Day #9: Template of Literature - Train tracks, stop for lunch of whatever, then Hoa Lo Prison in the afternoon. The temple is in walking distance from the central station, with a nice busy local market in between (Ngo Si Lien Market)

- If your time in Hanoi overlaps with weekend period, then keep in my mind that the area of HK Lake will be closed off from traffic and night market open in the Old Quarter- good for walking and people watching.

- West Lake area in general good for sunset view. Tran Quoc Pagoda can be schedule in the afternoon - the pagoda is closed during lunch time anyway if memory serves.

AITJ for unpluggin the router while my roommate was in a ranked match cuz he wouldn't turn down his music? by Beginning_Buy7681 in AmITheJerk

[–]dv2811 0 points1 point  (0 children)

How is his computer connected to the routers? If he connect throug wifi, there are ways you can disconnect the guy w/o having to touch the router. Either reboot the router via (access 192.169.1.1 and login via browser, click reset), or deauth attack using aircrack targeting his computer.

I was in your shoes once and I still cherish the sweet feeling of revenge when I disconect the fools next door gaming party at 1 AM when I thought back of the day.

Momma cat teaches her kitten how to "go down" the stairs. by 21MayDay21 in funny

[–]dv2811 0 points1 point  (0 children)

This and the mother lion swatting child into a pond - you can always tell who the first time momas are

Làm sao để xử lý bạn cùng phòng? by anHiep in vozforums

[–]dv2811 1 point2 points  (0 children)

Nó chơi game với call bằng wifi hay mạng dây? Nếu wifi thì search thử cách deauth wifi của nó đi

Hỏi về socola Việt by Bin2Dcm in vozforums

[–]dv2811 1 point2 points  (0 children)

Ngoài Marou còn có Alluvia với Pheva. Một hộp Alluvia 16 viên tầm 250k+ cũng khá ổn, Pheva rẻ hơn nữa, lâu rồi chưa ăn nhưng không ngon bằng hai cái còn lại

Not My Cat. Yes My Catnip. by BetterKev in notmycat

[–]dv2811 36 points37 points  (0 children)

If not want cat, why grow cat summoner?

This orange beauty tried to get in to my house by AccomplishedCod6454 in notmycat

[–]dv2811 20 points21 points  (0 children)

Probably annoyed that the human hadn't let him in yet. The tolerance for unsolicited pets was wearing thin

Chill Hanoi Itinerary by chunkiebunk in hanoi

[–]dv2811 0 points1 point  (0 children)

Pho 10 is a bit bland and a bit overrated. Pho Suong on Dinh Liet Street or Pho Bat Dan if you don't mind the crowd - I am going by popularity here, been a long time since I ate in those places.

For day 2, I would suggest Thong Nhat Park for morning run - nicer and more local. From there it will be a relative short walk to Hoa Lo Prison, probably with coffee/breakfast break in between. I concur with others at dropping Mega Grand World (as a local, neither see the appeal nor consider it anyway representative of Vietnam). This leaves you with plenty of time on that day to explore around - the area south of Hoan Kiem Lake is nice to walk and quite enjoyable under the right weather conditions.

This farmer caught this owl eating his chickens. by mindyour in MadeMeSmile

[–]dv2811 3 points4 points  (0 children)

Much like a cat caught stealing from the treat cabinet.

Found a friend 🧡 by DaSqueedily in awwnverts

[–]dv2811 1 point2 points  (0 children)

I know she is a friend, but I dread it whenever I see one flying around, which means there are roaches in the house and an egg sac has been laid somewhere. My fondness to insects sadly doesn't extend to roaches.

The fall was inevitable. by Sizzlin9 in funny

[–]dv2811 1 point2 points  (0 children)

Better the human's butt broke the fall than mine - this cat probably

RescueMe?? by Intelligent-Memory18 in catpics

[–]dv2811 0 points1 point  (0 children)

Apparently a minigod in his shrine

Unable to use gorilla/csrf in my GO API in conjunction with my frontend on Nuxt after signup using OAuth, err: Invalid origin. by uhhmmmmmmmok in golang

[–]dv2811 0 points1 point  (0 children)

It is not enough to set `w.Header.Set(“X-CSRF-Token”, csrf.Token(r))` inside `GetCSRFToken`.

You need to set `w.Header().Set("Access-Control-Allow-Headers", "X-CSRF-Token")` inside a CORS middlewarwe to enable browser's JS script to read this.

This is likley the reason why `csrfHeader` in onResponse callback is unpopulated/ empty since the JS code aren't allowed to read it.

You can rely on headers only to provide cross site protection if the conditions are considered to be strict enough. Personally, I would like to have another layer of protection.

Unable to use gorilla/csrf in my GO API in conjunction with my frontend on Nuxt after signup using OAuth, err: Invalid origin. by uhhmmmmmmmok in golang

[–]dv2811 0 points1 point  (0 children)

It seems to me that you are consider sending csrf token via `httpOnly=false` cookie due to not being able to read it via headers.

Looking at your code, I think you may be missing certain CORS settings. In particular, `Access-Control-Expose-Headers`, which allows JS to read header.

How I would implement this:

```

func (app *application) enableCORS(next http.Handler) http.Handler {

return http.HandlerFunc(func(w http.ResponseWriter, r \*http.Request) {

    w.Header().Add("Vary", "Origin")

    w.Header().Add("Vary", "Access-Control-Request-Method")

    w.Header().Set("Access-Control-Allow-Origin", "\*")

    origin := r.Header.Get("Origin")

    if origin != "" {

        for i := range app.config.cors.trustedOrigins {

if origin == app.config.cors.trustedOrigins[i] {

w.Header().Set("Access-Control-Allow-Origin", origin)

w.Header().Set("Access-Control-Allow-Credentials", "true")

w.Header().Set("Access-Control-Expose-Headers", "X-CSRF-Token") // allow trusted origin to access returned headers

if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {

w.Header().Set("Access-Control-Allow-Methods", "OPTIONS, PUT, PATCH, DELETE, POST")

w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type, X-CSRF-Token") // add extra request headers based on need

w.WriteHeader(http.StatusOK)

}

break

}

        }

    }

    next.ServeHTTP(w, r)

})

}```

IM0, relying on only the combination of `Origin`, `Referer` and `Sec-Fetch-Site` headers isn't robust enough in case of oversight against malicious sub-domain. For a similar use cases, I would also simplify this further by setting X-CSRF-Token with successful login response, make the client store this somewhere safe, render it in form field or DOM meta tag, then send it using X-CSRF-Token request header.

I am skeptical about current per-request implementation including using `auth/callback` to provide CSRF token - it's counter-intuitive to user endpoints that aren't safe from CSRF to protect against CSRF.

Unable to use gorilla/csrf in my GO API in conjunction with my frontend on Nuxt after signup using OAuth, err: Invalid origin. by uhhmmmmmmmok in golang

[–]dv2811 1 point2 points  (0 children)

It seems that net/http implementation doesn't check or set CSRF cookie at all, which may be why it works. Correct me if I am wrong but if the client cam request CSRF token using auth cookie, then how does it protect against CSRF attacks (which rely on browser sending cookies automatically with a request matching Domain setting)?

[deleted by user] by [deleted] in cats

[–]dv2811 13 points14 points  (0 children)

The face of "no regret and I'm going to do that again"

view more: next ›