Archive for the ‘Web Development’ Category

Conditionally bypassing rails protect_from_forgery

Posted on November 28th, 2010 in Programming, Rails, Ruby, Web Development

I'm currently writing a neat little application using Rails 3.0. It serves up web requests and provides a nice RESTful end point for me to rig up some fancy calls to via a JavaScript UI.

To complement this web application, I have written a primitive NodeJS substrate to manage communications with mobile devices. Through this layer, mobile devices can invoke actions on the web application. This works fairly well, except when protect_from_forgery gets in my way. I needed to get around this restriction, but I did not want to disable CSRF completely on the web application. In a nutshell, I wanted to check the CSRF tokens if the user is coming from any non-trusted source and ignore the tokens when coming from a trusted source.

Since the NodeJS layer is in my sphere of trust and has already authenticated any users that it is communicating with, I created a non-standard header to communicate a signed identity to my web application. The web application verifies this identity and then invokes the method being called on behalf of that identity. However, since I supply no CSRF token, the request failed. Ideally, if the identity sent in the header is valid (and signed by the NodeJS application), I want to also ignore the CSRF token. However, I want the CSRF token to be verified for any other request. Rails provides a mechanism to ignore the verification token per controller or method, but I want a much deeper level of control (per request).

Here's what I did. If the authentication token is valid, I modify the request to place it in the forgery whitelisted category. This means it will not verify any tokens and the request will proceed as if it does not require CSRF validation. To do this I redefined the forgery_whitelisted? method on the request object. It more or less looked like this:

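# custom_header stands for the signed identity header sent by the NodeJS layer.
# The singleton method is defined on this one request object only.
if custom_header.is_valid?
  def request.forgery_whitelisted?; true; end
end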
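
One way the trusted-source check could be done before whitelisting a request, as an added example that is not the post's own code. It assumes the NodeJS layer signs the identity and a timestamp with HMAC-SHA256 over a shared secret; the header name, header format, MAX_AGE and the FakeRequest stand-in are all hypothetical.

```ruby
require 'openssl'

# Assumed header format (not from the post): "<identity>.<unix_ts>.<hex HMAC-SHA256>"
HEADER_NAME = 'X-Signed-Identity'          # hypothetical header name
SHARED_SECRET = 'constructed-demo-secret'  # placeholder; load from config in practice
MAX_AGE = 60                               # seconds a signed header stays acceptable (assumed)

def sign_identity(identity, ts, secret = SHARED_SECRET)
  OpenSSL::HMAC.hexdigest('SHA256', secret, "#{identity}.#{ts}")
end

# Constant-time comparison so the signature check does not leak via timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the identity if the header is well-formed, fresh and correctly signed; else nil.
def verified_identity(header, now = Time.now.to_i)
  return nil unless header.is_a?(String)
  identity, ts, sig = header.split('.', 3)
  return nil if identity.to_s.empty? || ts.to_s !~ /\A\d+\z/ || sig.nil?
  return nil if (now - ts.to_i).abs > MAX_AGE # reject stale or replayed headers
  secure_compare(sig, sign_identity(identity, ts)) ? identity : nil
end

# Stand-in for the Rails request object (hypothetical, just enough for the demo).
class FakeRequest
  attr_reader :headers
  def initialize(headers)
    @headers = headers
  end
  def forgery_whitelisted?
    false
  end
end

# Whitelist this one request only when the header verifies; fail closed otherwise.
def apply_trusted_bypass(request, now = Time.now.to_i)
  identity = verified_identity(request.headers[HEADER_NAME], now)
  if identity
    def request.forgery_whitelisted?; true; end
  end
  identity
end
```

Any request without a valid header keeps the default behaviour, so browser-originated requests still go through normal CSRF token verification.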

Dynamic Image Reflection

Posted on February 8th, 2009 in JavaScript, jQuery, Programming, SVG, Web Development

Today's post is about creating a mirrored effect on images appearing on a website. Looking around, there are already a few people who have attempted to do this; however, I would like to tackle the problem myself and provide an in-depth post about how to actually do it. At the end of this post we should have a fully functioning jQuery plugin which allows us to mirror images. We can approach this two ways, using Canvas or SVG. I have opted to use Canvas; however, I did create a neat SVG file which is able to mirror arbitrary images, passed in by a query parameter. The first part of this post will address creating a reflection of an image. Once we have the ability to do this, we can roll it into a jQuery plugin to provide reflections for images which we specify.

Avoiding Bad Email Communication

Posted on October 3rd, 2008 in Web Development

It often occurs that once I subscribe to a website, they want to communicate with me via email. This may be information about my account, confirmation of some process or an occasional email promoting some new feature or deal. In many of these cases websites may choose to send an email in which the content is presented in HTML. HTML may appear like a good choice to someone who only thinks about bells and whistles; however, in reality there are a number of issues. Off the top of my head, here is a list: