Blog
- Details
A simple way to add CORs headers to legacy apps:
But first, some definitions of what CORs and CORs preflight requests are:
"Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources. CORS also relies on a mechanism by which browsers make a “preflight” request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request."
Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
"CORS does not protect your server. CORS attempts to protect your users by telling browsers what the restrictions should be on sharing responses with other domains. Normally this kind of sharing is utterly forbidden, so CORS is a way to poke a hole in the browser's normal security policy. These holes should be as small as possible, so always check the HTTP_ORIGIN against some kind of internal list."
Reference: https://stackoverflow.com/questions/8719276/cross-origin-request-headerscors-with-php-headers
CORs preflight request:
"A CORS preflight request is a CORS request that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers."
Reference: https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
"The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request."
Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
Note, developer tools will not show CORs preflight requests.
Now to the code:
function addCORSHeaders()
{
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
// cors preflight check; doesn't care about content, just headers and status
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS');
header('Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Origin, Authorization');
// cache of cors preflight check; max varies by browser; some only 10min, some 24hr
header('Access-Control-Max-Age: 86400');
header('Content-Length: 0');
header('Content-Type: text/plain');
// HTTP/1.1 or HTTP/1.0 or HTTPS/2.0 or etc
header($_SERVER['SERVER_PROTOCOL'] . ' 200 OK');
exit();
}
// if can, allow just your domain.com or allow just subdomains *.domains.com
// but if have multiple shared apps/domains, * allow from anywhere
header('Access-Control-Allow-Origin: *');
}
Add a function/method call to addCORSHeaders() to your middleware, or before your output.
Note, If your app has authentication, don't forget to allow OPTIONS as unauthenticated, like your login page.
You can check the network response to see the added headers in browsers developer tools.
But as developer tools do not show CORs preflight requests, you may have to log access or trace using xdebug.
- Details
"Xdebug is an extension for PHP, and provides a range of features to improve the PHP development experience. Step Debugging A way to step through your code in your IDE or editor while the script is executing."
Source: https://xdebug.org/
Install following the instructions from https://xdebug.org/docs/install
php.ini settings that worked for me:
zend_extension=xdebug-2.9.4-7.2-vc15-x86_64
[xdebug]
xdebug.remote_enable = 1
xdebug.remote_autostart = 0
xdebug.remote_host = 127.0.0.1
xdebug.remote_port = 9072
xdebug.idekey = "PHPSTORM"
xdebug.profiler_enable = 0
Enabling PHP xdebug is fairly simple, just add arguments to your PHP call
> php -d -dxdebug.remote_enable=1 -dxdebug.remote_autostart=1 -dxdebug.idekey=PHPSTORM your/script.php
The option -d can set/override php.ini values
-d foo[=bar] Define INI entry foo with value 'bar'
Reference: https://www.php.net/manual/en/features.commandline.options.php
If you are using cmder, which bundles the conemu console
you can add the alias to your users_aliases.cmd
C:\Portable\cmder\config\user_aliases.cmd
xphp7=C:/laragon/bin/php/php-7.2.28-Win32-VC15-x64/php -d -dxdebug.remote_enable=1 -dxdebug.remote_autostart=1 -dxdebug.idekey=PHPSTORM $*
php7=C:/laragon/bin/php/php-7.2.28-Win32-VC15-x64/php $*
And use as
> xphp7 slimapp/cli.php arg1 arg2=test
Reference: Slim PHP CLI
- Details
To change the bash prompt on your AWS EC2 instance from the default of
[ec2-user@ip-10-1-1-1 ~]$
to
ec2-user@ec2-name /data/cool-app (development=)
└─►
read and apply the following bash_profile update:
Note, By default, AWS EC2 does not set /etc/hosts, so use a fixed string in your bash prompt,
or follow the AWS documentation:
https://aws.amazon.com/premiumsupport/knowledge-center/linux-static-hostname/
Create a temp file with the contents:
> echo '
# change me vars
ec2_name="ec2namechangeme"
# use vim
export EDITOR=vim
alias vi="vim"
# allow tab auto complete w/ sudo
if [[ "$HOME" == "/home/ec2-user" ]]; then
complete -cf sudo
fi
# git status
git_status="n"
# existing git file in most distros
git_prompt=/usr/share/git-core/contrib/completion/git-prompt.sh
if [[ -f $git_prompt ]]; then
source $git_prompt
export GIT_PS1_SHOWDIRTYSTATE=true # + staged, * unstaged
export GIT_PS1_SHOWUNTRACKEDFILES=true # % untracked files
export GIT_PS1_SHOWUPSTREAM="auto" # < behind, > ahead, <> diverged, = no difference
export GIT_PS1_SHOWSTASHSTATE=true # $ something is stashed
git_status="y"
fi
unset git_prompt
# export PS1="[\u@\h \W]\$" # default
PS1="\u@${ec2_name} "
PS1+="\[\033[01;34m\]\${PWD#\$HOME/}\[\033[00m\]"
if [ $git_status = "y" ]; then
PS1+=" \[\033[0;32m\]\$(__git_ps1 '\''(%s)'\'')\[\033[00m\]"
fi
PS1+="\n\[\033[0;32m\]└─►\[\033[00m\] "
export PS1
PATH=$PATH:$HOME/bin:/usr/bin:/usr/local/bin
export PATH
unset USERNAME
alias git-log="git log --pretty=oneline"
alias git-preview-files="git fetch; git diff --name-only HEAD..@{u}"
alias git-preview-diff="git fetch; git diff HEAD..@{u}"
' > temp_bash_profile.sh
Note, '\'' = '
Update ec2_name="ec2name" to the name of your ec2 ie super-cool-service
> vim temp_bash_profile.sh
Append to existing bash profile
# using sed
> sed -i '/# User specific environment and startup programs/ r temp_bash_profile.sh' ~/.bash_profile
# or edit and add to the end
> vim ~/.bash_profile
Test and see results
> source ~/.bash_profile
ec2-user@ec2-name /data/cool-app (development=)
└─►
- Details
Sometimes you want to know how long a script took and how much memory it consumed.
Run Time and Memory used can also be useful if tracked overtime, for example in:
- cron/cli scripts
- web requests
- api requests
While tools such as New Relic (paid), DataDog (paid), NetData (opensource), Prometheus (opensource) could be used, sometimes a simpler local solution is all that is needed.
Here is a simple Trait to extend your classes with
<?php
namespace App\Traits;
trait Stats
{
private $timer_start;
private $timer_finish;
public function statsTimerStart()
{
$this->timer_start = microtime(true);
}
public function statsTimerFinish()
{
$this->timer_finish = microtime(true);
}
public function statsTimerRuntime()
{
if (empty($this->timer_finish)) {
$this->statsTimerFinish();
}
$runtime = $this->timer_finish - $this->timer_start;
return gmdate('H:i:s', $runtime);
}
public function statsMemoryUsed()
{
$memory_used = memory_get_peak_usage(true);
return $this->statsFormatBytes($memory_used);
}
public function statsFormatBytes(int $bytes, int $precision = 2)
{
$units = ['B', 'KB', 'MB', 'GB', 'TB', 'PB'];
$unit_index = 0;
while ($bytes > 1024) {
$bytes /= 1024;
$unit_index++;
}
return round($bytes, $precision) . $units[$unit_index];
}
}
Basic usage:
$this->statsTimerStart()
.. do stuff ..
log 'stuff processed in ' . $this->statsTimerRuntime() . ' using ' . $this->statsMemoryUsed();
Page 1 of 15
