Recent content

Misconception about 'AllowedHosts' in a .NET C# Web API

Did you ever come across the "AllowedHosts": "*" setting in a server-side .NET project and wondered what it does? I have. I did my due diligence on the subject, but once in production, I was proven wrong.

What is 'AllowedHosts'?

It is the configuration for the ASP.NET Core host filtering middleware. With this setting, you can specify one or more host names for which your project accepts incoming HTTP requests. Requests without a matching host name will be refused.

A host name is the domain name of the target server the request is sent to. Let's say you have an API running on https://www.weather-api.com. The host name would be weather-api.com. You could specify to only allow requests with that host name.

    { "AllowedHosts": "weather-api.com" }

Or allow multiple host names, semicolon delimited.

    { "AllowedHosts": "weather-api.com;v1.weather-api.com;v2.weather-api.com" }

Or use a wildcard.

    { "AllowedHosts": "*.weather-api.com" }

The above will allow requests with a correct host name and disallow requests without matching host names. A host name is set on a request as an HTTP header:

    Host: weather-api.com

Doesn't this sound similar to CORS to you?

What is CORS?

In short, the ASP.NET Core CORS (Cross-Origin Resource Sharing) middleware can be configured to allow requests originating from different domains to interact with a server-side .NET project. By default, without this middleware, a server-side project only allows same-origin requests. These are requests originating from the same domain as the one the server-side project is running on. So, the CORS middleware can be configured to enable cross-origin requests from applications deployed on a different domain.

The originating domain name is also set on a request as an HTTP header:

    Origin: https://www.morning-walk.com

The Origin header is set to the domain the request originated from. Allowing requests from the above origin can be configured as follows:

    app.UseCors(options => options.WithOrigins("https://www.morning-walk.com")
        .AllowAnyMethod()
        .AllowAnyHeader());

What's the difference?

Requests made by a browser usually set both the Host and Origin headers. Requests made by tools like Postman, or by someone running a project locally, will only set the Host header or none of the above. When there is no Origin header present, the CORS middleware will not intervene. The host filtering middleware could intervene and return a 400 Bad Request when the host name does not match.

Got it! Both middlewares can allow or disallow requests based on their HTTP header. So ... I can protect my API from unwanted origins and unwanted hosts?

Not entirely ... Unfortunately, the host filtering middleware cannot be used in the same way as the CORS middleware. The host filtering middleware allows any request as long as the Host header is correctly pointing to its target server. Setting "AllowedHosts": "*" or "AllowedHosts": "weather-api.com" would not make much of a difference if the goal is to block requests.

Once in production, inspecting the HTTP headers:

    Request 1:
    Host: weather-api.com
    Origin: https://www.morning-walk.com

    Request 2:
    Host: weather-api.com
    Origin: https://kiss-code.com

Do you see how you could block requests based on their origin but not based on the host?

Misconception

I assumed the host name and origin name would come from the same domain, which is wrong. I approached the host filtering in the same way as the CORS configuration. I assumed the values below and tried to filter hosts based on them.

    Request 1:
    Host: morning-walk.com
    Origin: https://www.morning-walk.com

    Request 2:
    Host: kiss-code.com
    Origin: https://kiss-code.com

If you are interested in more of my work, you can find it: on my website: kiss-code.com/products, on my Patreon, on YouTube. Subscribe to my newsletter to stay up-to-date & receive discounts.
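The difference between the two checks, modelled on the header pairs from the post above, as an added example (not code from the post or from ASP.NET Core). HostAllowed and CorsGranted are hypothetical helpers that simplify the middleware's matching rules, and the request without an Origin header is constructed to stand in for a Postman-style client.

```csharp
using System;
using System.Linq;

// Simplified model of the host filtering check: compares the Host header
// (port stripped) with the semicolon-delimited AllowedHosts value.
static bool HostAllowed(string allowedHosts, string hostHeader)
{
    var host = hostHeader.Split(':')[0]; // IPv6 literals are not handled here
    return allowedHosts
        .Split(';', StringSplitOptions.RemoveEmptyEntries)
        .Any(entry =>
            entry == "*" ||
            (entry.StartsWith("*.")
                // "*.weather-api.com" covers subdomains, not the parent domain
                ? host.EndsWith(entry.Substring(1), StringComparison.OrdinalIgnoreCase)
                : string.Equals(entry, host, StringComparison.OrdinalIgnoreCase)));
}

// Simplified model of the CORS decision: null means no Origin header was sent,
// so the CORS middleware does not intervene at all.
static bool? CorsGranted(string[] allowedOrigins, string? origin) =>
    origin is null ? (bool?)null : allowedOrigins.Contains(origin, StringComparer.Ordinal);

const string allowedHosts = "weather-api.com";
string[] corsOrigins = { "https://www.morning-walk.com" };

// Header pairs from the post, plus one constructed request without an Origin header.
var requests = new (string Host, string? Origin)[]
{
    ("weather-api.com", "https://www.morning-walk.com"),
    ("weather-api.com", "https://kiss-code.com"),
    ("weather-api.com", null),                            // constructed: Postman-style client
    ("morning-walk.com", "https://www.morning-walk.com"), // the Host value the post wrongly assumed
};

foreach (var (host, origin) in requests)
{
    var hostResult = HostAllowed(allowedHosts, host) ? "pass" : "400 Bad Request";
    var cors = CorsGranted(corsOrigins, origin);
    var corsResult = cors is null ? "not evaluated" : cors.Value ? "allowed" : "blocked";
    var originText = origin ?? "-";
    Console.WriteLine($"Host: {host,-17} Origin: {originText,-29} host filter: {hostResult,-15} CORS: {corsResult}");
}
```

The first three requests pass the host filter identically; only the CORS column tells the two browser origins apart, and the request without an Origin header is not evaluated by CORS at all.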

08 Oct 2023

When HR makes software engineering tests

Cultural fit?

As a software developer, this should be my only politically loaded, public post on LinkedIn...

I just declined a "technical" test for a software role due to it becoming my second encounter with TestGorilla, a Dutch HR company that makes "Pre-Employment Testing Software". They claim to be bias-free, scientifically validated, objective, reliable and fair.

I first encountered them on UpWork with a job post to take and assess their software engineering tests. I hope this isn't what they mean by "scientifically validated". I gave it a shot, expecting an objective software engineering test. I never got to that part if there was one...

It started off with a pre-test "reading comprehension". Which was a quiz with only one "correct" answer per statement. A few statements stood out with themes of "climate", "gender", ... The statements were phrased suggestively and some hypothetical. These stood out:

- "... ice caps melting could potentially rise sea levels by a few meters"
- "... gender bias against women by A.I. ..."

But ... only one correct answer per statement. So, more like an "agree or fail" test possibly fishing for political, cultural or ethical stances, disguised as "reading comprehension".

My objections to this: What do I really know about these topics? I accept the world not to be flat but do I have any evidence of that? Nope. I'm just a simple guy with software development as my craft. Why / how should I know or care? Why ask me about potential world issues? I understand a thing or two about A.I. but why do you need me to denounce this occurrence? Why this one?

My passion is to create, to build and to solve problems. It involves some critical-thinking to make things functionally accurate. Being critical means that you may not just accept everything, just because.

Anyhow, this form of an "agree or fail" test may not result in the promised "bias-free" outcome. It may "expose" some traits. I understand that compliance and agreeableness likely are attractive traits to a manager, team or employer. But, I doubt the critical-thinking quality or genuinity of the passing candidates.

I demanded TestGorilla to remove my personal information and my test answers as this smells too much like the "Facebook Cambridge Analytica Scandal" which abused (e.g. quiz) data for political advertising. And, I find it an unfortunate way of sneaking "climate-alarmism", gender topics, and other wokeisms into the technical professions as a politically loaded quiz.

What do you think?

13 Feb 2024

My secret to advancing software skills

As mentioned in my previous posts, working together with an experienced developer or on your own hobby projects can rapidly improve your software skills. However, this learning curve also flattens after a while. Without proper guidance, while developing your hobby projects, you'll only learn from it the hard way. This isn't bad but it might take you much longer than it needs to.

Content creators can be invaluable to your developer journey! Some provide you with isolated how-to's, others update you on the news within the space, ...

On the "Keep it simple, stupid." YouTube channel, I continuously work on real-world apps while exploring & leveraging the latest .NET features and Azure cloud services. I share with you how I implement these, with real use cases and how I architect entire end-to-end solutions from start to finish. I also share the code for you to learn from or for you to adapt to fit your requirements.

My most effective method to advance my software skills.

By repurposing someone else's well-crafted code, you can get a deeper understanding of why and how the author solves certain problems. How they structure their projects and more. By immersing yourself into it with the proper curiosity and willingness to learn, you'll adopt great practices and advance your overall knowledge of software development.

How would I know?

Well, I've been developing daily for over 11 years, started out as a self-taught programmer, learned a thing or two in college, learned more on the job. In some jobs, I was on my own, in others I had the privilege to work with peer developers. Besides that, I am always working on hobby projects and learning from those slowly but surely. Yet, the impact of immersing myself into others' inspirational work has taken me way beyond what I could learn up until that point. Not only is that work the result of decades of experience of the author but their invested time and attention to detail make it a work of art and an invaluable resource to learn from.

That's exactly what I aim to offer with my content! I put a lot of time, effort and thought into making valuable resources to either learn from, act as an alternative solution / perspective or to be molded into someone's work. I'm pleased to see that it is doing exactly that for a variety of developers: Testimonials

18 Nov 2023

2 growth hacks to boost your software skills

In my experience, the two most impactful actions you can take to boost your developer journey are:

- building hobby projects;
- learning from a relevant peer developer.

If you can find the time to build hobby projects, it's highly recommended! This way you can trial-n-error, refactor, restructure your project to your heart's content, learn what works and what doesn't. And, it presents you with the perfect opportunity to try out new features and libraries. This way, you'll be one step ahead when assigned to architect / build sustainable projects on the work floor. And you'll have those projects to show off & talk about when applying for jobs. It's also great to gain trust about your expertise with your employer. And just maybe they'll let you skip that tricky coding test ;).

The second luxury is a relevant peer developer, likely someone who does the above. A strategical programmer, who can teach you strong basics but also the latest and greatest. Someone who doesn't shy away from opportunities to innovate.

If you don't have these luxuries, tech YouTubers, content- and course creators can be a great substitute. One day, you will be that peer developer if you aren't already.

What else do you think can fast-track growth as a developer? Let me know!

Which hobby projects to build?

This can vary depending on which type of software developer you are but these project types are highly recommended to have built:

- your portfolio website;
- your digital resume;
- your (tech) blog.

These are the best types of projects to share and showcase your work, experience and knowledge. To build these, you either build everything yourself and gain a better understanding of full-stack web development. Or you learn about the technology, tools and topics to help you build the project. To name a few: a headless CMS, JAM-stack, a full CMS like WordPress, ...

Once you've built one or all of the above, you might be ready to build more challenging projects. Projects that solve real world problems, these can range from solutions that help out your local dog shelter to improving processes of small businesses in your area up to solutions to increase the revenue of companies. Think about gathering data from external APIs, which data storage to use, which cloud components and which protocols to communicate over. Try to integrate third-party libraries, technology to boost your app's capabilities and to impress others ;). Diving into topics like "Clean Architecture" or "Clean Code" can also greatly benefit you down the road.

Did I forget something important? Let me know!

I have built multiple portfolio websites with different technologies through the past. I have also built a digital, printable resume and I recently built my own brand website with tech blog. If you want a head start, you can grab yourself a copy here. To repurpose that to your own brand, portfolio or blog website.

14 Nov 2023

One of the great killers of software projects

One of the great killers of software projects, its potential and the commitment of (future) assigned developers, is going fast and making a mess in the process. The video at the bottom describes tactical vs. strategical programming in a nutshell.

What can a developer do to combat this?

- A first step would be to educate oneself on topics revolving around clean code and clean architecture. More specifically, in the principles and patterns resulting in such practices. Although there are many books and videos to learn from, working with a peer developer who applies the above can be invaluable.
- Think critically about the code you write, "Think twice, code once.". Improvements can range from the usage of logical operators to leveraging external solutions, productivity-boosting tooling, ... You can often write it with fewer lines of code and improve its readability for your teammates.
- Aim to leave a codebase in better shape than you found it. Take it one step or one ticket at a time, separate yourself from the "code monkeys".
- Optimize and fully utilize your tooling for increased productivity while minimizing code smells or bug potential. This encompasses the features of your programming language, frameworks, IDE plugins and beyond automated release cycles. Don't "half-ass" or refuse to evolve the above since that will only decrease productivity over time. There are plenty of proven systems to adopt, no need to reinvent these.

I can see how, from a business perspective, tactical programming might appear to be praised in the short term but will lead to technical debt in the long term. Sooner rather than later. While tactical programming has its perks, it's the less advisable approach to be used beyond a concept phase.

What can an employer or project manager do to combat this?

- Hire proven, quality competence for your back-end systems. While quantity in years might improve your odds, it's unfortunately not a guarantee. Recruiting for battle-tested programming language frameworks might improve the odds. Once obtained, it's an idea to pair them up with rookies on a new project, when possible. In time, your development team might live by great coding practices, delivering highly maintainable projects which in turn frees up time for bullet-proof technical decision making. Don't allow for bad practices to train your rookies, as described in the video below.
- Entertain your developers' requests for improvements or refactoring. Involve them (more) in crucial technical decision phases. Phases to tackle structural or procedural improvements should have a place in any software project. Not to be shrugged off as "unbillable". It pays in the long run by preventing frustrated developers and dissatisfied clients.
- If possible, don't take on existing projects another tactical development team already ran through until they could no more. You're likely to repeat the cycle the video describes. If you do, be very transparent about it to your development team or new hires. It's dirty work.

You don't have to take my word for it, watch the video, it describes many software projects.

Clean Code - Uncle Bob

07 Nov 2023
