When logging is turned on you see the warning: attack prevented by Rack::Protection::HttpOrigin.
set :protection, :origin_whitelist => ['https://s-static.ak.facebook.com']
or
ab \
  -n 1000 \
  -c 20 \
  -s 30 \
  -p post-data.txt \
  -T 'application/x-www-form-urlencoded; charset=UTF-8' \
  -v 3 \
  -H "X-Requested-With: XMLHttpRequest" \
  -H "X-Ajax-Referer: http://example.com" \
  -H "Accept-Encoding: gzip, deflate" \
Disclaimer: This piece is written anonymously. The names of a few particular companies are mentioned, but as common examples only.
This is a short write-up on things that I wish I'd known and considered before joining a private company (aka startup, aka unicorn in some cases). I'm not trying to make the case that you should never join a private company, but the power imbalance between founder and employee is extreme, and that potential candidates would
{
  "presets": ["es2015"],
  "plugins": [
    "add-module-exports"
  ],
}
#!/bin/bash
# This script cleans all cache for Microsoft Teams on Linux
# Tested on Ubuntu-like, Debian by @necrifede, Arch Linux by @lucas-dclrcq and Manjaro with flatpak by @danie1k. Feel free to test/use in other distributions.
# Tested Teams via snap package.
# Tested Teams via flatpak package.
#
# How to use in terminal:
# ./clear_cache_MS_Teams.sh ( deb-stable | deb-insider | snap | flatpak )
# or
Minimum bar: support patient/ scopes (e.g., patient/ExplanationOfBenefit.read), and authorize the app for each patient record. So here at authz time,
e.g., scope=launch/patient patient/ExplanationOfBenefit.read patient/Coverage.read ...
e.g., scope=launch/patient patient/*.read
Beyond the minimum, a server can support user-level scopes ("do you want to share all the records you have access to with the following app"...)