Articles

How does the Django Cross-site request forgery protection work?

Dan Poirier wrote an article on the Caktus Group blog about common web site security vulnerabilities. In it he talked about the CSRF protection in Django. Although he is right about a CSRF token having to be part of the POST request, this is not the entire story.

A week with Firefox instead of Chromium

My browser of choice has been Chromium for quite a while now. A couple of podcasts recently discussed how Chrome has become a memory hog and how Firefox has improved over the years. Time for an experiment.

Where did my icons go?

When I was experimenting with an SVG sprite to replace my current icon font, suddenly some of the icons disappeared without a clear reason. It worked fine when I accessed the demo page via the file URI scheme, but as soon as I used an HTTP server, some of them did not show up.

OCSP Stapling in Nginx

The Heartbleed bug triggered a review of the configuration of my own web server. As a result I discovered that I had my Online Certificate Status Protocol (OCSP) stapling configured wrong. In this article I will briefly explain OCSP and OCSP stapling, what I had done wrong and what is a—as far as I now know—right way to implement OCSP stapling in Nginx.