kekyo

CSRF(Cross-Site Request Forgery)攻撃について: https://zenn.dev/yktakaha4/articles/study_csrf_attack

要するに、（セッション）トークンをCookieに格納して、これで認証する運用の場合、

• フォームのPOST先のエンドポイントやWebAPIに対してのHTTPリクエストに、勝手にセッショントークンが送られてしまう（Cookieに入っていて、なおかつ同一のURLだから）。正規のアクセスではこの挙動を想定しているので、受信したトークンで認証が成立して問題ないが...
• 攻撃者はとにかくブラウザ経由で、フォームのPOST先のエンドポイントやWebAPIに対して要求を投げさせれば、アクセスが受け付けられてしまう（Cookieに格納されているので、勝手にセッショントークンが送られてしまうから）。

だから、Cookieによるトークンの送信に頼らずに、別の方法でリクエストにトークンを含ませる必要がある。

• HTMLのform hidden valueにトークンを入れておくと、form postでその値が一緒に送信される。これはハイジャック犯がこのトークン値を知ることが出来ないので、トークンなしまたは不正トークンで弾ける。

haruki-3281

name: Action Sample

on:
  push:
    branches:
      - master
  workflow_dispatch:

jobs:
  job_id:

witmin

Convert MP4 file to animated WEBP file in ffmpeg CLI

1. Install ffmpeg CLI through homebrew

In terminal.app, install ffmpeg through homebrew

brew install ffmpeg

Validate the installation:

voluntas

OpenAyame プロジェクト

日時:	2024-12-31
作:	時雨堂
バージョン:	2024.1
URL:	https://github.com/OpenAyame

このプロジェクトに興味がある人はこの資料や GitHub リポジトリ に Star をつけてもらえると嬉しいです。

aramalipoor

# Prepare required directories for Newrelic installation
RUN mkdir -p /var/log/newrelic /var/run/newrelic && \
    touch /var/log/newrelic/php_agent.log /var/log/newrelic/newrelic-daemon.log && \
    chmod -R g+ws /tmp /var/log/newrelic/ /var/run/newrelic/ && \
    chown -R 1001:0 /tmp /var/log/newrelic/ /var/run/newrelic/ && \

    # Download and install Newrelic binary
    export NEWRELIC_VERSION=$(curl -sS https://download.newrelic.com/php_agent/release/ | sed -n 's/.*>\(.*linux-musl\).tar.gz<.*/\1/p') && \
    cd /tmp && curl -sS "https://download.newrelic.com/php_agent/release/${NEWRELIC_VERSION}.tar.gz" | gzip -dc | tar xf - && \
    cd "${NEWRELIC_VERSION}" && \

fuxingloh

const express = require('express')
const SamlStrategy = require('passport-saml').Strategy
const passport = require('passport')

const cookieSession = require('cookie-session')
const cookieParser = require('cookie-parser')

// Create express instance
const app = express()

alexeygrigorev

import requests
import base64
from tqdm import tqdm


master_json_url = 'https://178skyfiregce-a.akamaihd.net/exp=1474107106~acl=%2F142089577%2F%2A~hmac=0d9becc441fc5385462d53bf59cf019c0184690862f49b414e9a2f1c5bafbe0d/142089577/video/426274424,426274425,426274423,426274422/master.json?base64_init=1'
base_url = master_json_url[:master_json_url.rfind('/', 0, -26) + 1]

resp = requests.get(master_json_url)
content = resp.json()

hail2u

var m = ["三浦", "上田", "上野", "中山", "中島", "中川", "中村", "中野", "丸山",
  "久保", "井上", "今井", "伊藤", "佐々木", "佐藤", "佐野", "内田", "前田",
  "加藤", "千葉", "原", "原田", "吉田", "和田", "坂本", "増田", "大塚", "大野",
  "太田", "安藤", "宮崎", "宮本", "小山", "小島", "小川", "小林", "小野",
  "山下", "山口", "山崎", "山本", "山田", "岡本", "岡田", "岩崎", "工藤",
  "平野", "後藤", "斉藤", "斎藤", "新井", "木下", "木村", "杉山", "村上",
  "村田", "松井", "松尾", "松本", "松田", "林", "柴田", "森", "森田", "横山",
  "橋本", "武田", "池田", "河野", "清水", "渡辺", "渡部", "田中", "田村",
  "石井", "石川", "石田", "福田", "竹内", "菅原", "菊地", "藤井", "藤原",
  "藤本", "藤田", "西村", "谷口", "近藤", "遠藤", "酒井", "野口", "野村",

tbranyen

1. Include Weather Icons in your app: https://github.com/erikflowers/weather-icons

2. Include the below JSON in your application, for example purposes, lets assume it's a global named weatherIcons.

3. Make a request to OpenWeatherMap:

req = $.getJSON('http://api.openweathermap.org/data/2.5/weather?q=London,uk&callback=?');

maarten00

/**
 * Copy of Excel's PMT function.
 * Credit: http://stackoverflow.com/questions/2094967/excel-pmt-function-in-js
 *
 * @param rate_per_period       The interest rate for the loan.
 * @param number_of_payments    The total number of payments for the loan in months.
 * @param present_value         The present value, or the total amount that a series of future payments is worth now;
 *                              Also known as the principal.
 * @param future_value          The future value, or a cash balance you want to attain after the last payment is made.
 *                              If fv is omitted, it is assumed to be 0 (zero), that is, the future value of a loan is 0.