Web development Code Diary Entries

This is part of the Semicolon&Sons Code Diary - consisting of lessons learned on the job.

• 2xx status codes other than 200 also mean success
• A tour of some common ngingx configs
• Accept language can contain multiple weighted entries
• Accessing local storage can cause exceptions if disabled
• Always prepend IP addresses with http for urls
• Always set content type
• API design
• Assume users will delete their cookies at inopportune times
• Autofill is not autocomplete and how to disable
• Basics of authorization headers
• Basics of using a CDN
• Be careful of bundled cert expiries
• Be mindful of which variables require plain text in views and which need html
• Binary data on the web
• Chrome devtools
• Client side API consumption may be stuck with old code due to caching
• Code parsing domain names must anticipate variable lengths for TLD
• Compress your images for web
• Consider client side heavy architectures for many step wizards
• Constraints when scaling
• CORS explained the big picture
• CSRF tokens means you cannot resubmit a tedious form to test new deployed fixes
• Disabled attributes are not submitted with forms
• Email delivery
• Email ports
• File uploads always need multipart encoded forms
• Gather browser info for every session not just users
• How do origin and referer headers differ and what is the point
• How to access development server on phone
• How to configure DKIM SPF and DMARC
• How to debug broken SSL
• How to not break the back button in JavaScript heavy work
• How to POST params fields or JSON with curl
• How to stress test website performance with apache benchmark
• If you have multiple closely related domains for a single property you probably want to be permissive with CORS
• Invalidating tokens on logout breaks multiple device login
• Javascript outside an iframe cannot access iframe properties without postMessage
• List of places to consider for translations
• Make sure to prune mailing lists
• MIME types basics
• Minify AND compress assets for performance
• Monit basics
• Never deliver something for production web with a non 80 port
• Open graph data must be in head
• Output string types from code in template languages not booleans etc
• Performance metrics
• Place js just before body close for speed
• Preconnect and preload to speed up asset download
• Prefer enveloped endpoints in API design
• Prefer meta tags to robots txt for avoiding indexing
• Prepend logs with their machine name in deploy setups
• Profiling with locust
• Pros and cons of JTW vs sessions
• Proxy bufffering and caching in nginx
• Proxy caching can break backend tracking
• Remember array params in web dev
• Servers cannot set cookies on requests
• Service workers
• Set content type with correct filename extension for downloadable files
• Some browser features only work in classic localhost
• Srcset
• Telnet basics
• Test against simulated real domain names in etc hosts
• The rarely known difference between masked and unmasked redirects
• The two most important precautions to make in mailing list code
• Third party tracking links risk downtime
• Track conversions only after your backend validates the data to avoid bots
• Tracking before your web application router will track non existent urls and redirect junk
• Understand the precendence of default form data
• Use parallelism to speed up maintenance mode deploys
• What are CGI and fast CGI
• What do ARIA attributes do
• What does the keep alive header do
• What is the difference between accept and content language headers
• When autocomplete is used in a form test for premature submission
• When setting up a server get your root folder config right
• Zip html content for extra speed