Clojurians Log v2

Clojure programming

Channels

# 100-days-of-code # aatree # admin-announcements # adventofcode # ai # alda # aleph # all-the-channels # announcements # arachne # architecture # asami # atlanta-clojurians # atom-editor # autochrome-github # avi # aws # aws-lambda # babashka # babashka-sci-dev # bangalore-clj # beginners # berlin # biff # bigdata # bitcoin # boot # boot-dev # boulder-clojurians # braid-chat # braveandtrue # brevis # bristol-clojurians # business # calva # capetown # carry # cbus # cestmeetup # chestnut # chlorine-clover # cider # circleci # clara # clj-commons # cljdoc # cljfx # clj-http # clj-kondo # clj-on-windows # cljs-dev # cljs-experience # cljsfiddle # cljsjs # cljsrn # cljtogether # clojars # clojure # clojure-android # clojure-argentina # clojure-art # clojure-austin # clojure-australia # clojure-austria # clojure-bangladesh # clojure-bay-area # clojure-beijing # clojure-belgium # clojure-berlin # clojure-boston # clojure-brasil # clojurebridge # clojurebridge-ams # clojure-canada # clojure-chennai # clojure-chicago # clojure-china # clojure-colombia # clojure-conj # clojurecup # clojure-czech # clojured # clojure-denmark # clojure-denver # clojure-derby # clojuredesign-podcast # clojure-dev # clojure-dusseldorf # clojure-ecuador # clojure-egypt # clojure-estonia # clojure-europe # clojure-filipino # clojure-finland # clojure-france # clojure-gamedev # clojure-germany # clojure-greece # clojure-guangzhou # clojure-hamburg # clojure-hk # clojure-houston # clojure-hungary # clojure-india # clojureindia # clojure-indonesia # clojure-ireland # clojure-israel # clojure-italy # clojure-japan # clojure-kc # clojure-korea # clojure-losangeles # clojure-madison # clojure-mexico # clojure-miami # clojure-mk # clojure-mke # clojure-morsels # clojure-my # clojure-new-zealand # clojure-nl # clojure-nlp # clojure-norway # clojure-poland # clojure-portugal # clojure-provo # clojure-quebec # clojureremote # clojure-romania # clojure-russia # clojure-sanfrancisco # clojurescript # clojurescript-ios # clojure-sdn # clojure-seattle # clojure-serbia # clojure-sg # clojure-shanghai # clojure-spain # clojure-spec # clojuresque # clojure-survey # clojure-sweden # clojure-switzerland # clojure-taiwan # clojure-turkiye # clojure-uk # clojure-ukraine # clojureverse-ops # clojurewerkz # clojurewest # clojurex # clojure-za # clojurian-chat-app # clojutre # cloverage # cloxp # clr # code-art # code-reviews # community-development # component # conf-proposals # conjure # consulting # contributions-welcome # copenhagen-clojurians # core-async # core-logic # core-matrix # core-typed # cryogen # crypto # css # cursive # cz-clojure # d2q # datacrypt # datahike # datalevin # datalog # data-oriented-programming # data-science # datascript # datavis # dato # datomic # defnpodcast # deps-new # depstar # devcards # devops # dirac # docker # docs # domino-clj # duct # dunaj # eastwood # editors # emacs # error-message-catalog # etaoin # ethereum # euroclojure # events # exercism # expound # figwheel # figwheel-main # flambo # fulcro # funcool # functionalprogramming # funimage # garden # ghostwheel # girouette # gis # google-cloud # gorilla # graalvm # graalvm-mobile # graclj # graphql # gratitude # gsoc # hammock-driven-dev # helix # heroku # hispano # holy-lambda # honeysql # hoplon # hugsql # humor # hypercrud # hyperfiddle # immutant # improve-getting-started # incanter # indycljs # inf-clojure # instaparse # integrant # interceptors # interop # introduce-yourself # iot # iotivity # ipfs # jackdaw # jaunt # java # javascript # javelin # jobs # jobs-discuss # jobs-rus # joker # jukebox # juxt # jvm # kaocha # keechma # kekkonen # keyboards # klipse # kosmos # lambdaisland # ldnclj # ldnproclodo # lein-figwheel # leiningen # liberator # liquid # livestream # local-first-clojure # london-clojurians # lsp # luminus # lumo # mail # malli # mathematics # meander # melbourne # membrane # mental-health # microservices # mid-cities-meetup # midje # minecraft # minimallist # missionary # monads # mount # music # new-channels # new-clojure # nextjournal # nginx # nrepl # numerical-computing # nyc # observability # off-topic # om # om-next # onyx # other-languages # other-lisps # overtone # pamela # parinfer # pathom # pedestal # perun # philosophy # phzr # planck # plastic # play-clj # podcasts # polylith # portal # portkey # portland-or # powderkeg # practicalli # precept # prelude # programming-beginners # project-updates # proletarian # proton # protorepl # pulsar # pure-frame # qa # qlkit # quil # random # rdf # react # reactive # reading-clojure # reagent # reclojure # re-frame # reitit # releases # remote-jobs # respo # rethinkdb # reveal # rewrite-clj # ring # ring-swagger # robots # rum # schema # sci # sfcljs # shadow-cljs # _silence # sim-testing # sioux-falls # slack-help # sneer # sneer-br # spacemacs # specmonstah # specter # speculative # spirituality-ethics # sql # startup-in-a-month # sydney # test200 # test-check # testing # thejaloniki # timbre # tmp-json-parsing # tools-build # tools-deps # trading # tree-sitter # uncomplicate # unrepl # untangled # utah-clojurians # videos # vim # vrac # vscode # wasm # web-security # windows # xtdb # yada # yleinen

Apps

yada

mikepjb 2017-09-29T08:03:31.000330Z

when a POST goes wrong and a 500 is returned, is it possible to view a stack trace in the response? Currently I am changing the post to a get because yada will print the stack trace that way

malcolmsparks 2017-09-29T08:05:36.000050Z

Are you accepting html in your request?@

mikepjb 2017-09-29T08:10:01.000157Z

I wasn't! Including --header 'Accept: text/html' shows the stack trace now

mikepjb 2017-09-29T08:10:07.000243Z

thanks @malcolmsparks

macroz 2017-09-29T14:09:35.000315Z

interesting, I can't get route to match with path param like AQMkADU4YmQ0ZDU0LTJkNzUtNGE5MS1hNmIwLTZjNzkyNmVhNGI2NABGAAADgLxKILUg8UycUESZkpzxuQcAX74XcER4HUqZ4ZShQm7AgAAAAgENAAAAX74XcER4HUqZ4ZShQm7AgAABoA7_-QAAAA== but if I remove the last two equal signs it does match

macroz 2017-09-29T14:11:25.000369Z

doesn't matter that it is URL encoded

dominicm 2017-09-29T14:24:07.000634Z

@macroz I think there's a fairly strict regex in place in bidi to reduce the chance of exploits.

macroz 2017-09-29T14:25:53.000033Z

Microsoft Graph API contains IDs like that and this is a DELETE request so makes sense to use a path parameter

macroz 2017-09-29T14:27:29.000097Z

I was reading the source code but yada is a complex piece of machinery

malcolmsparks 2017-09-29T14:31:06.000341Z

@macroz that is because the default bidi regex doesn't match on =, but you can declare the regex explicitly in your path param. See bidi's README

macroz 2017-09-29T14:35:24.000674Z

ok was looking for an answer in yada docs

macroz 2017-09-29T14:35:36.000371Z

if I declare a path parameter with String schema I would expect it accepts all Strings

malcolmsparks 2017-09-29T14:36:04.000348Z

It piggy backs on bidi's path parameter logic

malcolmsparks 2017-09-29T14:37:49.000371Z

All strings? Careful with those injection attacks...

malcolmsparks 2017-09-29T14:38:19.000402Z

But yes, it does seem like something that needs a better solution

macroz 2017-09-29T14:38:49.000577Z

it parses/matches the path so it does have some format, it comes in a Java (/Clojure) String so where is your injection possibility?

malcolmsparks 2017-09-29T14:39:45.000723Z

If you go on to use that string in html output, sql concatenation, etc.

malcolmsparks 2017-09-29T14:40:01.000658Z

Just be careful with inputs from requests

macroz 2017-09-29T14:41:05.000121Z

yes, but that is in my view an altogether different concern that is mostly solved by the other library where you pass the String into, i.e. PreparedStatement

malcolmsparks 2017-09-29T14:41:34.000255Z

Sure. I agree. Just be careful

macroz 2017-09-29T14:41:37.000463Z

yeah

macroz 2017-09-29T14:42:26.000115Z

most libraries these days encode and protect by default

macroz 2017-09-29T14:42:43.000650Z

which is good

malcolmsparks 2017-09-29T14:43:05.000593Z

hiccup v1 is one that doesn't There are others...

macroz 2017-09-29T14:43:30.000046Z

well this is SPA and React does

delitescere 2017-10-09T02:20:02.000064Z

That is no great use if the backend isn't also cleaning input.

macroz 2017-09-29T14:43:59.000405Z

I think I got it to work so thanks for the tip

macroz 2017-09-29T14:44:13.000082Z

this would be useful to mention in the yada side as well

malcolmsparks 2017-09-29T14:44:32.000002Z

Great. Yes I will

dominicm 2017-09-29T14:46:26.000393Z

I agree with @macroz that each component should assume dangerous data as input. However, I also think that it's useful to have bidi provide a little bit of extra protection for 99% of cases.

👍 1