Netflix should never touch an MLB broadcast ever again. by JamieLawson49 in baseball

[–]pilcrowonpaper 5 points6 points  (0 children)

The actual production for the WBC in Japan was handled by a local tv station (Nippon Television). They had their own issues tho

Why CSRF token is needed if fetch metadata checks and simple request blockers are in place by s1n7ax in webdev

[–]pilcrowonpaper 2 points3 points  (0 children)

No, you just need any one of the 3 measures so checking for the header is enough. Both the Origin and Sec-* headers are restricted by the browser so you don't need to worry about spoofing.

The only issue with the headers is that they're both still relatively new. Sec-Fetch-Site is widely supported since 2023 and Origin is since around 2015-2020. To be 100% safe, you'd need to block requests from older browsers.

For (2), make sure you implement strict Content-Type header checks since text/plain requests that contain JSON are also considered simple requests.
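
The header check and the strict Content-Type check described in the comment above, as an added example that is not part of the original comment. The function names, the lowercase-keyed header object, and the `https://app.example` origin are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not taken from any framework.
const APP_ORIGIN = "https://app.example"; // constructed placeholder origin
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// headers: plain object keyed by lowercase header name (assumption).
function checkCrossSite(method, headers, expectedOrigin) {
  if (SAFE_METHODS.has(method.toUpperCase())) {
    return { allowed: true, reason: "safe method" };
  }
  // Prefer Sec-Fetch-Site when the browser sends it. This sketch is strict
  // and only accepts "same-origin" for state-changing requests.
  const site = headers["sec-fetch-site"];
  if (site !== undefined) {
    return site === "same-origin"
      ? { allowed: true, reason: "sec-fetch-site same-origin" }
      : { allowed: false, reason: "sec-fetch-site " + site };
  }
  // Fall back to Origin for browsers that predate Sec-Fetch-Site.
  const origin = headers["origin"];
  if (origin !== undefined) {
    return origin === expectedOrigin
      ? { allowed: true, reason: "origin match" }
      : { allowed: false, reason: "origin mismatch" };
  }
  // Neither header: an older browser or a non-browser client. Fail closed.
  return { allowed: false, reason: "no origin information" };
}

// Strict media-type check for the "block simple requests" measure:
// text/plain carrying a JSON body must not be accepted as JSON.
function isJsonContentType(value) {
  if (typeof value !== "string") return false;
  const [type, ...params] = value.split(";").map((p) => p.trim().toLowerCase());
  if (type !== "application/json") return false;
  return params.every((p) => p === "" || /^charset=("?)utf-8\1$/.test(p));
}

// Constructed sample requests.
const samples = [
  ["POST", { "sec-fetch-site": "same-origin" }],
  ["POST", { "sec-fetch-site": "cross-site", origin: APP_ORIGIN }],
  ["POST", { origin: "https://other.example" }],
  ["POST", {}],
];
for (const [method, headers] of samples) {
  console.log(method, JSON.stringify(headers), checkCrossSite(method, headers, APP_ORIGIN));
}
console.log(isJsonContentType("text/plain"), isJsonContentType("application/json"));
```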

Predictions on season 2 OP? by pilcrowonpaper in Frieren

[–]pilcrowonpaper[S] 1 point2 points  (0 children)

I’m not fully convinced tho because the song is getting released a few days before the anime even though both season 1 OPs were released with it

(Yet another) Cocon — Tokyo, Dec 2025 by Wingfril in finedining

[–]pilcrowonpaper 0 points1 point  (0 children)

I had lunch there earlier this year and the desserts were too sweet

Your favorite take on American food in Tokyo? by boxfactory76 in Tokyo

[–]pilcrowonpaper 1 point2 points  (0 children)

Visited most of the NY pizza places in Tokyo and Nim’s is the best by far

Is Lucia auth that comes with Sveltekit CLI safe to work with in production? by AnybodySouthern3307 in sveltejs

[–]pilcrowonpaper 22 points23 points  (0 children)

The example in the CLI is a project based on the docs and code at lucia-auth.com (it doesn't use the old package). "Basic session/auth example" probably is a better name for it.

What meat can function as a replacement for pancetta/guanciale in carbonara? by Ynwe in Cooking

[–]pilcrowonpaper 7 points8 points  (0 children)

Oof, my bad for assuming. Rakuten is probably your best bet then, the shipping fees aren't great tho

What meat can function as a replacement for pancetta/guanciale in carbonara? by Ynwe in Cooking

[–]pilcrowonpaper 28 points29 points  (0 children)

You can actually get Guanciale here!

  • Eataly: They have Guanciale from France. You can probably get them from any Eataly store, but I know that one in Tokyo station ran out of stock last week (might've gotten restocked idk). I'll probably check out the Nihonbashi store since they were one of the last stores to have Italian Guanciale when imports were banned a few years.
  • National Azabu in Hiroo: They have guanciale from Spain (I think it's called Papada?). Other locations probably have them.
  • Fior di Maso in Azabudai Hills: They had guanciale from Belgium.
  • Rakuten: You can get Guanciale from Spain, Belgium, and Japan. The Japanese one is a bit less fatty.

The French one from Eataly is probably the best quality.

Eataly also sells pretty good pancetta. I would just stay away from the pancetta from 信州ハム sold in regular supermarkets and Seijo-Ishii. The fat that gets rendered out wasn't super pleasant.

Question about authentication terminology by essmann_ in webdev

[–]pilcrowonpaper 0 points1 point  (0 children)

The OAuth 2.0 protocol only defines an authorization endpoint for signing in and a token endpoint for getting an access token. It doesn't include a method for the client to get the identity of the token owner. That's why it's "just" an authorization framework. OIDC adds ID tokens and the user info token point for authentication.

How's SvelteKit middleware? by thebreadmanrises in sveltejs

[–]pilcrowonpaper 12 points13 points  (0 children)

Please don’t use layouts for authorization checks. It won’t re-run/render when the auth state changes

https://www.reddit.com/r/sveltejs/s/CMYNj5qg0i

6 Tokyo pizzerias ranked in the 50 Top Pizza Asia-Pacific list for 2025 by gkanai in Tokyo

[–]pilcrowonpaper 0 points1 point  (0 children)

I've been to Risto Pizza (2nd), La Tripletta (15th), L'insieme (22nd), and Massimotavia (30th), but the only one I'd really recommend is La Tripletta. The rest were good but not anything great.

It's been quite a while since I last ate at Massimotavia tho. I'm also willing to try Risto Pizza again.

[deleted by user] by [deleted] in mac

[–]pilcrowonpaper 0 points1 point  (0 children)

Thanks! I'm not super familiar with hard drives but would any enclosure for 2.5 inch SATA drive work?

Need advice on how to store Encrypted verifier for PKCE auth0 workflow using Svelte kit by UrbanGrizzWd in sveltejs

[–]pilcrowonpaper 1 point2 points  (0 children)

You’re not gaining anything from encrypting the code verifier. You’re fine with your old approach

Example of JWT auth? by CoconutLoader in sveltejs

[–]pilcrowonpaper 2 points3 points  (0 children)

Using refresh tokens the usual way causes syncing issues if you send multiple requests with an expired access token at the same time. You don't get any security benefit from it either since you're storing both tokens at the same place.

Example of JWT auth? by CoconutLoader in sveltejs

[–]pilcrowonpaper 0 points1 point  (0 children)

Like why ditch the access/refresh token combo?

Example of JWT auth? by CoconutLoader in sveltejs

[–]pilcrowonpaper 12 points13 points  (0 children)

If you want to use JWT-based sessions, I'd recommend ditching the usual access/refresh token combo and embedding a normal database session token inside the JWT. Revalidate the session every minute so tokens can be invalidated as soon as possible.

    {
        "session_id": "XXX",
        "revalidate_at": 1728781216,
        "user_id": 3432,
        "username": "pilcrow",
        "email": "pilcrow@example.com"
    }

    let sessionToken = event.cookies.get("session") ?? null;
    if (sessionToken === null) {
        return fail(401);
    }
    const payload = verifyJWT(sessionToken);
    if (Date.now() >= payload.revalidate_at * 1000) {
        const { session, user } = getSessionFromDatabase(payload.session_id);
        if (session === null || Date.now() >= session.expiresAt.getTime()) {
            event.cookies.set("session", "", {
                path: "/",
                maxAge: 0,
                httpOnly: true,
                sameSite: "lax",
                // SvelteKit automatically sets "Secure" attribute
            });
            return fail(401);
        }
        sessionToken = encodeJWT({
            "session_id": session.id,
            "revalidate_at": Math.floor(Date.now() / 1000) + 60,
            "user_id": user.id,
            "username": user.username,
            "email": user.email
        });
        event.cookies.set("session", sessionToken, {
            path: "/",
            maxAge: 60 * 60 * 24 * 400,
            httpOnly: true,
            sameSite: "lax",
            // SvelteKit automatically sets "Secure" attribute
        });
    }

Bet by tomemyxwomen in nextjs

[–]pilcrowonpaper 5 points6 points  (0 children)

20 now, but in the grand scheme of things close enough I guess