Sitecore snuck in Content Security Policy!

Ages ago I wrote up a bit about how your public sites should consider implementing Content Security Policy because of all the hacks it can prevent. In a bit of frustrating irony, I was tripped up by a problem caused precisely because Sitecore have added some CSP headers to their own code. Google came up empty on this, so I’m documenting it for the next person who gets bitten. Continue reading

A moment of confusion with “generator-helix”

Because of the old maxim “anything you do more than once should be automated”, we all find ourselves working with tools to auto-generate projects and solutions for Helix architecture these days. Mostly these tools work fine – but every so often you can bump your head against unexpected behaviour – as I did recently: Continue reading

Learning a fun lesson about JavaScript method parameters

I’ll be honest – I don’t do much front-end stuff. I’ve watched the odd PluralSight course on modern JavaScript, I’ve worked out the basics of Gulp, and I can hack together a VueJS UI if I need to. But it’s certainly not something I’d ever say I was good at. But despite being offically a C# developer, occasionally I find myself looking at bug tickets that relate to some front-end code. I had one of them this week, where some javascript had stopped working. The front-end dev was stuck, so I took a look – and discovered something new. Well new to me at least… Continue reading

Now is the time to seriously consider your Content Security Policy

News stories about hacking and malware are depressingly common these days. Here in the UK I think we’ve not really dealt with all the fall-out from last May when parts of our health service (along with many other businesses) were hit by the “Wannacry” ransomware worm. Yet another security incident happened the other day which will get less press coverage (since it’s nowhere near as dramatic) but has bigger implications for us as web develelopers… Continue reading

Graphing activity with a Raspberry Pi

I’ve had a Raspberry Pi sitting under my desk for some time now, but things keep getting in the way of me doing much with it. But in honour of the whole “March is for Makers” thing, I decided I needed to finally do something more than boot it up and let my son tinker with Scratch on it. I’d also acquired a “Sense Hat” add-on recently, and something about the matrix display on that made me think of animated graphs. Now that the Windows 10 IoT build is gaining features, I thought I’d try installing that and building something that would let me graph website activity – with a view to how it might get connected to Sitecore… Continue reading

A drink from the Gulp firehose

Having spent a bit of time recently looking at some of the new stuff included in the tools and frameworks for ASP.Net Core 1.0 and Sitecore’s Habitat solution, one of the things that caught my eye is the Gulp task runner. So after a few days of poking around, here’s a basic introduction for anyone else considering it for their Sitecore work. Continue reading

Thinking about the future of your markup

My work sometimes involves picking up projects that were started by other developers / agencies and making changes or enhancements. Sometimes the approaches used by the original developers can make these enhancements harder than they need to be. The HTML, CSS and Javascript of a recent project I worked on caused some issues that I thought were worth calling out to try and help developers do better work in the future. Continue reading

Updating faceted search with client-side code

A while back I wrote up the faceted search example I’d presented at the London Sitecore User Group, and commented that ASP.Net WebForms wasn’t really great technology for providing that sort of UI. I noted that it would work better if it could be implemented using Ajax-style UI.

Having finally had a chance to work out a basic pattern for building JSON web services using the sort of technology that’s easily available in basic Sitecore 6.6 websites last week, I’ve now had a chance to get around to implementing a prototype of how the faceted search might be built with client-side processing. Continue reading