| ▲ | zzo38computer 5 days ago | |
> Zitadel is cursed because its custom scripting feature is executed with a JS engine that doesn't support regex named capture groups. I think sufficiently old version of JavaScript will not have it. It does not work on my computer either. (You should (if you had not already) report this to whoever maintains that program, in order to fix this, if you require that feature.) > Git can be configured to automatically convert LF to CRLF on checkout and CRLF breaks bash scripts. Can you tell git that the bash script is a binary file and therefore should not automatically convert the contents of the file? > Fetch requests in Cloudflare Workers use http by default, even if you explicitly specify https, which can often cause redirect loops. Is that a bug in Cloudflare? That way of working does not make sense; it should use the protocol you specify. (I also think that HTTP servers should not generally automatically redirect to HTTPS, but that is a different problem. Still, since it does that it means that this bug is more easily found.) (Also, X.509 should be used for authentication, which avoids the problem of accidentally authenticating with an insecure service (or with the wrong service), since that would make it impossible to do.) > There is a user in the JavaScript community who goes around adding "backwards compatibility" to projects. They do this by adding 50 extra package dependencies to your project, which are maintained by them. It is a bad idea to add too many dependencies to your project, regardless of that specific case. > The bcrypt implementation only uses the first 72 bytes of a string. Any characters after that are ignored. There is a good reason to have a maximum password length (to avoid excessive processing due to a too long password), although the maximum length should still be sufficiently long (maybe 127 bytes is good?), and it should be documented and would be better if it should be known when you try to set the password. > Some web features like the clipboard API only work in "secure contexts" (ie. https or localhost) I think that "secure contexts" is a bad idea. I also think that these features should be controlled by user settings instead, to be able to disable and otherwise configure them. | ||
| ▲ | mdaniel 4 days ago | parent [-] | |
> Can you tell git that the bash script is a binary file and therefore should not automatically convert the contents of the file? That'd be swatting a fly with a sledgehammer; if you do that, $(git diff) will no longer work which smells important for shell scripts that evolve over time. But I think you were in the right ballpark in that .gitattributes is designed for helping it understand the behavior you wish with eol=lf just for either that file or *.sh *.bash etc https://git-scm.com/docs/gitattributes#Documentation/gitattr... | ||