I was looking for an easy way to manage Firebase Auth the way other providers are managed with grant-koa on Strapi, using users-permissions without the need to alter it (and avoid the creation of a parallel user type & permissions).

How do OAuth providers actually manage user authentication? It’s quite simple: when you transmit a valid token, it’s decoded and Strapi checks whether the email provided is already in use. If it is, an object containing the user and the JWT token (the one you will be using to query Strapi) is returned. …

There are several techniques to determine the position of a robot in space. For example, odometry is used in particular with systems that move on wheels. Starting from a known position, it consists of measuring the movement of each wheel in order to estimate the final position.

It’s often combined with other techniques because odometry alone isn’t very accurate. Obviously this technique is not usable on walking robots.

SLAM (Simultaneous Localization And Mapping)

The address bar of the browser has a very important role. Apart from letting you enter a URL, it helps you, through the domain name and the SSL certificate, to make sure which website you are on. When a security flaw hits the address bar, it’s considered a critical vulnerability.

Anyone who can spoof a website URL can conduct a very effective phishing attack and steal login credentials or credit card information.

The vulnerability I’m about to talk about is not new. There have already been many proofs of concept, but despite the various warnings it is still present.

Here is an example of behavior on Chrome Android (and many other browsers) used to save a little space on the screen:

With Gridsome you can fetch data from external APIs or local files and store it in a local database. Then with GraphQL you can query and filter this data and use it in your components.

I’m gonna give you an example with a local JSON file:

It’s pretty similar to the way you load data from external APIs, except you don’t need to use Axios or to make any HTTP request. Instead, you just load your JSON file on Gridsome build and put the data in a contentType object.

Once your contentType is populated, you can easily query it through GraphQL in any Vue component.

And what if you want to filter your posts in a specific way? Just add a filter argument to your query:

That’s all, it’s pretty simple but powerful!

You are certainly familiar with “XSS” flaws, which among other things allow malicious JavaScript code to be run from a target’s browser with all the rights of their current session. As this is the most widespread flaw on the web, Chrome has a protection designed to block scripts inserted in a request. By definition, if your site has, for example, a poorly filtered GET variable, the following code will not execute on Chrome:


If we take a quick look at the Chrome console, it warns us that it has blocked a script:

The XSS Auditor…

Eddy Bordi

Full stack JS developer — https://bordi.fr
