Fix typing issues locally with `paths`

The Definitely Typed community does an awesome job typing packages that ship without types, but like most community-maintained efforts, it is a work in progress. If you find an error in a @types declaration, you can expand it by including a declaration in the paths entry of the compilerOptions in your tsconfig file.

X-Permitted-Cross-Domain-Policies: Secure your PDFs (and Flash, if Flash is still a thing when you read this post)

Adobe Flash and Reader documents can embed external content, but only if the source has explicitly stated that this can be done and in which cases, by means of a crossdomain.

Git Rebase Interactive: Change the past

Rebase is one of the most often used commands, as a way to update your tree with all the changes that happened in master since you branched. But when used with its --interactive (-i) flag, it turns into the most powerful history-changing git command.

Git Undo: against instant regret

Say you’ve amended once to add a forgotten file, once to change the message, another one to remove a console.log, and you realise you are tired and you need to focus a little bit better.

Git Amend: Edit a commit message

Sometimes I’ll come up with a better description of what I did in my last commit right after I’ve committed it. Or maybe I forgot to appropriately prefix it or to append the branch name at the end of it.

You need these git aliases

Optimally we would always work in a purely linear way, after carefully planning all the code changes required to implement a certain feature. This works best if we are doing very small changes, modifying only a couple of characters or lines, if we are well acquainted with the codebase and the stack being used, or if we’re undertaking a trivial task that we can do almost mechanically.

X-Powered-By: the price of vanity (22 bytes)

Some web frameworks, most notably Express.js, automatically add the X-Powered-By header. The goal is probably marketing —although we could call it recognition of the team that developed a free and open source solution.

X-Frame-Options: iframes are so 2005

Back in the day iframes were used everywhere —keeping the URL the same while navigating, embedding Adobe Reader, even as a layouting tool 🤦🏽‍♀️— but they can circumvent some CSP policies, are an accessibility nightmare and most notably they are the main medium of clickjacking attacks.

Referrer-Policy: Whatever I've been doing is none of your business

The infamously misspelled Referer header contains the address where the request originated; it is there for analytics, referrals, etc. But as URLs can and do encode all sorts of information as Search Params or Path Variables, it can open the door to tracking and leaking.

X-Content-Type-Options: Don't sniff the mimetype

With Content-Security-Policy you can prevent foreign scripts from being executed, but malicious code can still be injected as plaintext, leaving the browser to figure out that it should be handled like code and defeating the whole purpose of CSP.