Category: Blogs

Azure Durable Function (C#)

Traditional Azure Functions and AWS Lambda are stateless. One of the impressive features of Azure Durable Function is that it saves state between runs. Consider a simple cloud service that is triggered every day, where no information needs to be preserved in a database but some state has to be saved for the next execution; then Azure Durable …

JWT in ASP.NET Core (Open)

There are many officially provided classes that can generate and/or verify a JWT in different languages, but generally speaking they all do the following things in one way or another. Generate JWT: create a header, use base64url to encode the header; create a collection of claims in the payload, use base64url to encode the payload; provide a secret symmetric encrypted …

Understand “Promise” (3/3): Create a Simple “Axios”

In the previous post, I used some pseudocode in the Promise constructor. Now I will create a Promise instance with real code, and for better understanding, I will use jQuery to make the ajax call. Step 1: the origin is axios.get(url); it looks like some instance calling its function, so I will start with creating our own …

Understand “Promise” (2/3): Promise Instance

Step 1: In the previous post, the result of axios.get("/api/items") is a Promise instance. Step 2: But the original way to create a Promise instance is to use the Promise constructor. Step 3: We can now use “myPromise” to call .then() or .catch(). Step 4: Only if resolve() is executed in step 2, then() in step 3 will …

Understand “Promise” (1/3): Axios

Step 0: I assume you have already read some documents and are confused now. Also, I assume you already know how to use “axios”. Step 1: If you don’t understand “Promise”, start from “axios”. Step 2: But before that, you need to know “Promise” is a class. Step 3: Then “axios” is based on “Promise”, …

Front-end & Back-end Interaction Section 4: CORS

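This is a comment I posted on a video site; in case I forget, I’ll translate it later… I think there is a problem with explaining it this way: CORS and CSRF are not two branches of the same kind of problem. CSRF can be seen as the starting point of the cross-origin problem, that is, the root of all evil. To deal with this root of all evil, browsers evolved the SOP (same-origin policy), which brought a lot of trouble to development work, and developers had to come up with all kinds of clever tricks to fetch data or resources across origins, such as JSONP. Later, HTML5 was born and provided CORS, which made cross-origin access in development convenient. So CORS is the solution and CSRF is the root of all evil. CORS, as a solution, can have vulnerabilities, while CSRF is itself a vulnerability. The CORS vulnerability and the CSRF vulnerability shown in the video can easily cause confusion. The video also says that when a CORS vulnerability appears, it generally causes a CSRF vulnerability to appear too. Of course it does: the response header settings the instructor demonstrated basically amount to switching the SOP off, so everything goes back to the starting point, and of course we are back at CSRF again. CSRF and CORS are neither in a containing/contained relationship nor at the same level. I hope newcomers will not go to Baidu and search for what the difference between “CORS and CSRF” is (obviously I did exactly that before).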