The SameSite attribute of the Set-Cookie HTTP response header allows you to declare if your cookie should be restricted to a first-party or same-site context.
Note: Standards related to the Cookie SameSite attribute recently changed such that:
The cookie-sending behavior if SameSite is not specified is SameSite=Lax. Previously the default was that cookies were sent for all requests.
Cookies with SameSite=None must now also specify the Secure attribute (they require a secure context/HTTPS).
Cookies from the same domain are no longer considered to be from the same site if sent using a different scheme (http: or https:).
Cookies are not sent on normal cross-site subrequests (for example to load images or frames into a third party site), but are sent when a user is navigating to the origin site (i.e., when following a link).
This is the default cookie value if SameSite has not been explicitly specified in recent browser versions (see the "SameSite: Defaults to Lax" feature in the Browser Compatibility).
Note: Lax replaced None as the default value in order to ensure that users have reasonably robust defense against some classes of cross-site request forgery (CSRF) attacks.
Cookies will be sent in all contexts, i.e. in responses to both first-party and cross-origin requests. If SameSite=None is set, the cookie Secure attribute must also be set (or the cookie will be blocked).
Warnings like the ones below might appear in your console:
Cookie "myCookie" rejected because it has the "SameSite=None" attribute but is missing the "secure" attribute.
This Set-Cookie was blocked because it had the "SameSite=None" attribute but did not have the "Secure" attribute, which is required in order to use "SameSite=None".
The warning appears because any cookie that requests SameSite=None but is not marked Secure will be rejected.
Set-Cookie: flavor=choco; SameSite=None
To fix this, you will have to add the Secure attribute to your SameSite=None cookies.
Set-Cookie: flavor=choco; SameSite=None; Secure
A Secure cookie is only sent to the server with an encrypted request over the HTTPS protocol. Note that insecure sites (http:) can't set cookies with the Secure directive.
Note: On older browser versions you might get a warning that the cookie will be blocked in future. For example:
Cookie myCookie will be soon rejected because it has the SameSite attribute set to None or an invalid value, without the secure attribute.
Recent versions of modern browsers provide a more secure default for SameSite to your cookies and so the following message might appear in your console:
Cookie "myCookie" has "SameSite" policy set to "Lax" because it is missing a "SameSite" attribute, and "SameSite=Lax" is the default value for this attribute.
The warning appears because the SameSite policy for a cookie was not explicitly specified:
Set-Cookie: flavor=choco
You should explicitly communicate the intended SameSite policy for your cookie (rather than relying on browsers to apply SameSite=Lax automatically). This will also improve the experience across browsers as not all of them default to Lax yet.
Set-Cookie: flavor=choco; SameSite=Lax
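The two console warnings above can be caught before deployment by checking the Set-Cookie values a server emits. The following is an added example, not code from the original page; the function names and finding codes are hypothetical, and the sample headers are constructed from the flavor=choco examples above.

```python
VALID_SAMESITE = {"strict", "lax", "none"}

def parse_set_cookie(header_value):
    """Split a Set-Cookie value into (name, attrs); attribute names are lower-cased."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_samesite(header_value):
    """Return finding codes for one Set-Cookie value (empty list means no issue)."""
    _, attrs = parse_set_cookie(header_value)
    samesite = attrs.get("samesite")
    if samesite is None:
        # Browsers that default to Lax log a warning; others still send the cookie everywhere.
        return ["missing-samesite"]
    if samesite.lower() not in VALID_SAMESITE:
        return ["invalid-samesite"]
    if samesite.lower() == "none" and "secure" not in attrs:
        # This combination is rejected outright by recent browsers.
        return ["none-without-secure"]
    return []

# Constructed sample headers, taken from the examples in the text.
SAMPLE_HEADERS = [
    "flavor=choco; SameSite=None",
    "flavor=choco; SameSite=None; Secure",
    "flavor=choco",
    "flavor=choco; SameSite=Lax",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{header!r}: {audit_samesite(header) or 'ok'}")
```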
OSI [Open System Interconnection Model]
Wed, Apr 6, 2022 1:58 PM
Published by powerfulyang at Apr 6, 2022
For IT professionals, the seven layers refer to the Open Systems Interconnection (OSI) model,
a conceptual framework that describes the functions of a networking or telecommunication
system.
Layer 7 - Application
To further our bean dip analogy, the Application Layer is the one at the top - it’s what most users see. In the OSI model, this is the layer that is the “closest to the end user”. Applications that work at Layer 7 are the ones that users interact with directly. A web browser (Google Chrome, Firefox, Safari, etc.) or other app - Skype, Outlook, Office - are examples of Layer 7 applications.
The Presentation Layer represents the area that is independent of data representation at the application layer. In general, it represents the preparation or translation of application format to network format, or from network formatting to application format. In other words, the layer “presents” data for the application or the network. A good example of this is encryption and decryption of data for secure transmission - this happens at Layer 6.
When two devices, computers or servers need to “speak” with one another, a session needs to be created, and this is done at the Session Layer. Functions at this layer involve setup, coordination (how long should a system wait for a response, for example) and termination between the applications at each end of the session.
Responsible for connections: when to establish and tear down a connection, and the order in which data is sent.
Layer 4 – Transport (TCP,UDP)
The Transport Layer deals with the coordination of the data transfer between end systems and hosts. How much data to send, at what rate, where it goes, etc. The best known example of the Transport Layer is the Transmission Control Protocol (TCP), which is built on top of the Internet Protocol (IP), commonly known as TCP/IP. TCP and UDP port numbers work at Layer 4, while IP addresses work at Layer 3, the Network Layer.
Here at the Network Layer is where you’ll find most of the router functionality that most networking professionals care about and love. In its most basic sense, this layer is responsible for packet forwarding, including routing through different routers. You might know that your Boston computer wants to connect to a server in California, but there are millions of different paths to take. Routers at this layer help do this efficiently.
The Data Link Layer provides node-to-node data transfer (between two directly connected nodes), and also handles error correction from the physical layer. Two sublayers exist here as well - the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. In the networking world, most switches operate at Layer 2.
At the bottom of our OSI bean dip we have the Physical Layer, which represents the electrical and physical representation of the system. This can include everything from the cable type, radio frequency link (as in an 802.11 wireless systems), as well as the layout of pins, voltages and other physical requirements. When a networking problem occurs, many networking pros go right to the physical layer to check that all of the cables are properly connected and that the power plug hasn’t been pulled from the router, switch or computer, for example.
The only type/subtype combinations allowed for the media type specified in the Content-Type header are:
application/x-www-form-urlencoded
multipart/form-data
text/plain
If the request is made using an XMLHttpRequest object, no event listeners are registered on the object returned by the XMLHttpRequest.upload property used in the request; that is, given an XMLHttpRequest instance xhr, no code has called xhr.upload.addEventListener() to add an event listener to monitor the upload.
Roughly, whenever the last thing a function does is to call another function then the latter does not need to return to its caller. As a consequence, no information needs to be stored on the call stack and the function call is more of a goto (a jump). This kind of call is named tail call; not growing the stack is named tail call optimization (TCO).
Let’s look at an example to better understand TCO. I’ll first explain how it is executed without TCO and then with TCO.
SSH Usage Guide
Sun, Mar 20, 2022 12:22 PM
Published by powerfulyang at Mar 20, 2022
SSH config
file location ~/.ssh/config
file template is below
Host github.com
    HostName github.com
    User git
    Port 22
    IdentityFile ~/.ssh/private_key
generate public key and private key
Use the ssh-keygen command.
Copy public key to remote server
Append the content of xxx.pub into ~/.ssh/authorized_keys file on the server-side.
Change the permission of the ~/.ssh/authorized_keys file.
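The permission step matters because sshd, with its default StrictModes setting, ignores an authorized_keys file that group or other users can write to. The following added example (not from the original post) audits and tightens those modes; the function names are hypothetical, the 700/600 modes are the conventional choice rather than values stated on this page, and the demo runs against a constructed temporary directory instead of a real home directory.

```python
import os
import stat
import tempfile

def audit_ssh_dir(ssh_dir):
    """Return (path, octal_mode) for entries that group or other can write to."""
    findings = []
    for path in (ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        if not os.path.exists(path):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o022:  # group-write or other-write bit set
            findings.append((path, oct(mode)))
    return findings

def tighten_ssh_dir(ssh_dir):
    """Apply the conventional modes: 700 on the directory, 600 on authorized_keys."""
    os.chmod(ssh_dir, 0o700)
    keys = os.path.join(ssh_dir, "authorized_keys")
    if os.path.exists(keys):
        os.chmod(keys, 0o600)

def demo():
    """Build a deliberately loose ~/.ssh layout, audit it, fix it, audit again."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        keys = os.path.join(ssh_dir, "authorized_keys")
        with open(keys, "w") as fh:
            # Constructed placeholder line, not a real key.
            fh.write("ssh-ed25519 AAAA-constructed-placeholder user@example\n")
        os.chmod(ssh_dir, 0o775)
        os.chmod(keys, 0o664)
        before = audit_ssh_dir(ssh_dir)
        tighten_ssh_dir(ssh_dir)
        after = audit_ssh_dir(ssh_dir)
        return len(before), len(after)

if __name__ == "__main__":
    print(demo())
```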
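[LOCAL_IP:]LOCAL_PORT - The local IP and port number; LOCAL_IP defaults to localhost.
DESTINATION:DESTINATION_PORT - The IP address and port number of the destination machine.
[USER@]SERVER_IP - The remote SSH address and login user.
Example:
Use the local address 127.0.0.1:58211 to connect to the remote database at 127.0.0.1:58211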
ssh -L 58211:127.0.0.1:58211 user@remote-server
Some Notes on Hyper-V Virtual Machines on Windows
Fri, Mar 18, 2022 11:34 AM
Published by powerfulyang at Mar 18, 2022
Install Windows 11 in Hyper-V
Check if the Hyper-V Windows feature is installed
Create a new VM for Windows 11
At Specify Generation, choose Generation 2.
After the VM is created, start the VM. You will get a boot failure error!
Turn off the VM.
Then right-click on it and go to Settings, open the Security tab and make sure Enable Secure Boot is not selected and Enable Trusted Platform Module is selected.
Connect to VM, then you can install Win11.
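Chinese rendering issue
The English version of Win11 renders Chinese with Japanese glyphs by default, which distorts the characters; some extra settings are needed for the text to display correctly.
Open Settings -> Time & language -> Related settings -> Administrative language settings -> Administrative Tab -> Change system locale -> Current system locale Chinese (Simplified, China)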
Select it, then double click Use hardware graphics adapters for all Remote Desktop Services sessions and edit value to Enabled.
Resolving a few shortcut conflicts
Settings Location: Settings -> Time & language -> Language & region -> Language tab -> Chinese (Simplified, China) -> Language options -> Keyboards -> Microsoft Pinyin -> Keyboard options -> Keys -> Mode Switch -> ...
Ctrl + Space Chinese/English mode switch
Ctrl + Shift + F Simplified/Traditional Chinese input switch
sed command: sed -n '5,10p' filename lets you view only lines 5 through 10 of the file.
Disk
Display disk space information (df)
Use the df -k command to display disk space information in kilobytes.
-k means KB
-m means MB
-g means GB
df -k
Filesystem kbytes used avail capacity Mounted on
/dev/dsk/c0t3d0s0 192807 40231 133296 24% /
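Meaning of each column:
Field name    Description
kbytes        Total size of the usable space in the file system
used          Used space
avail         Available space
capacity      Percentage of space used
mounted on    Mount point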
Understanding Linux File Permissions
example: drwxrwxrwx
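The first character indicates the file type and has two values, "d" and "-": "d" means directory and "-" means non-directory.
The following 9 characters can be split into 3 groups, one per class of user: characters 2-4 describe the permissions of the owner (user), characters 5-7 the permissions of the group, and characters 8-10 the permissions of everyone else (other).
r means read permission, w means write permission, and x means execute permission. drwxrwxrwx means that all users have read, write and execute permission on this directory.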
Permission Groups
u stands for the owner (user) - The Owner permissions apply only to the owner of the file or directory; they will not impact the actions of other users.
g stands for the owner's group (group) - The Group permissions apply only to the group that has been assigned to the file or directory; they will not affect the actions of other users.
o stands for other people who are neither u nor g (other)
a stands for everyone - The All Users permissions apply to all other users on the system; this is the permission group that you want to watch the most.
Permission Types
read – The Read permission refers to a user’s capability to read the contents of the file.
write – The Write permissions refer to a user’s capability to write or modify a file or directory.
execute – The Execute permission affects a user’s capability to execute a file or view the contents of a directory.
Advanced Permissions
_ – no special permissions
d – directory
l – The file or directory is a symbolic link
s – This indicates the setuid/setgid permissions. This is not displayed in the special permission part of the permissions display, but is represented as an s in the read portion of the owner or group permissions.
t – This indicates the sticky bit permissions. This is not displayed in the special permission part of the permissions display, but is represented as a t in the executable portion of the all users permissions.
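r, w and x can be represented as numbers: r=0x100 w=0x10 x=0x1
rw------- (600) Only the owner has read and write permission
rw-r--r-- (644) Only the owner has read and write permission; the group and others have read permission only
rwx------ (700) Only the owner has read, write and execute permission
rwxr-xr-x (755) Only the owner has read, write and execute permission; the group and others have read and execute permission only
rwx--x--x (711) Only the owner has read, write and execute permission; the group and others have execute permission only
rw-rw-rw- (666) Everyone has read and write permission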
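The mapping between the symbolic strings and the three-digit modes listed above can be computed rather than memorised. The following added example (not from the original post) converts an ls-style string to its octal mode using the usual per-class weights r=4, w=2, x=1, and reports which non-owner classes can write; the function names are hypothetical, and strings carrying special bits (s, t) are rejected rather than decoded.

```python
WEIGHTS = {"r": 4, "w": 2, "x": 1}

def mode_to_octal(mode):
    """'drwxr-xr-x' or 'rw-------' -> (file_type, 'NNN'). Handles r, w, x and - only."""
    if len(mode) == 10:
        ftype, bits = mode[0], mode[1:]
    elif len(mode) == 9:
        ftype, bits = "-", mode  # no leading type character given
    else:
        raise ValueError(f"expected 9 or 10 characters, got {mode!r}")
    digits = []
    for start in range(0, 9, 3):  # owner, group, other
        total = 0
        for expected, actual in zip("rwx", bits[start:start + 3]):
            if actual == expected:
                total += WEIGHTS[expected]
            elif actual != "-":
                raise ValueError(f"unexpected {actual!r} in {mode!r}")
        digits.append(str(total))
    return ftype, "".join(digits)

def write_exposure(mode):
    """Return the non-owner classes ('group', 'other') that hold write permission."""
    _, octal = mode_to_octal(mode)
    exposed = []
    if int(octal[1]) & 2:
        exposed.append("group")
    if int(octal[2]) & 2:
        exposed.append("other")
    return exposed

if __name__ == "__main__":
    # Sample strings taken from the list above.
    for sample in ("drwxrwxrwx", "rw-------", "rw-r--r--", "rwxr-xr-x", "rw-rw-rw-"):
        ftype, octal = mode_to_octal(sample)
        print(sample, ftype, octal, write_exposure(sample) or "owner-only write")
```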
Change Permissions
The potential Assignment Operators are + (plus) and – (minus); these are used to tell the system whether to add or remove the specific permissions.
Use the chmod command to modify permissions.
To make this modification you would invoke the command: chmod a-rw file1
To add the permissions above you would invoke the command: chmod a+rw file1
You use the chown command to change owner and group assignments. The syntax is simply chown owner:group filename, so to change the owner of file1 to user1 and the group to family you would enter chown user1:family file1.
The numeric type you will come across most frequently is <length>. For example 10px (pixels) or 30em. There are two types of lengths used in CSS — relative and absolute. It's important to know the difference in order to understand how big things will become.
Absolute length units
The following are all absolute length units — they are not relative to anything else, and are generally considered to always be the same size.
Unit    Name                   Equivalent to
cm      Centimeters            1cm = 37.8px = 25.2/64in
mm      Millimeters            1mm = 1/10th of 1cm
Q       Quarter-millimeters    1Q = 1/40th of 1cm
in      Inches                 1in = 2.54cm = 96px
pc      Picas                  1pc = 1/6th of 1in
pt      Points                 1pt = 1/72th of 1in
px      Pixels                 1px = 1/96th of 1in
Most of these units are more useful when used for print, rather than screen output. For example, we don't typically use cm (centimeters) on screen. The only value that you will commonly use is px (pixels).
Relative length units
Relative length units are relative to something else, perhaps the size of the parent element's font, or the size of the viewport. The benefit of using relative units is that with some careful planning you can make it so the size of text or other elements scales relative to everything else on the page. Some of the most useful units for web development are listed in the table below.
Unit    Relative to
em      Font size of the parent, in the case of typographical properties like font-size, and font size of the element itself, in the case of other properties like width.
ex      x-height of the element's font.
ch      The advance measure (width) of the glyph "0" of the element's font.