WDRL — Edition 218: Storage Access, Service Worker Messaging, Securing GraphQL, And A Moral Compass

Celý článek

Hey,

You know what? I think Service Worker is probably one of the misrepresented technology we currently have. When I hear people speaking about it, the topic is always serving your app when a user is offline. However, the technology can do so much more than that and every week I’m reading another article about what we can do with Service Worker. This week for example, we can learn how to use it for cross-tab messaging and to load off requests into the background with the Background Sync API. I think this toolset we now have in our browsers already allows us to build great experiences regardless of the network state and now it’s up to us to build them so that users love the eperience. And that’s probably the hardest part. Happy weekend!

News

• The nginx server now has HTTP/2 Push support in the mainline release 1.13.9 (not stable yet) which is great news.

Generic

• Ed Ellson ran a deep-dive into Chrome’s Background Sync API and found out how the technology behaves in regards to retrying to perform a request. Context: The API generically allows us to improve the web browsing experience for users who go offline or are on crappy connections by allowing synchronization in the background after a first attempt has failed.

Security

• With GraphQL you can query exactly what you want whenever you want. That is amazing for working with an API, but also has complex security implications. Instead of asking for legitimate, useful data, a malicious actor could submit an expensive, nested query to overload your server, database, network, or all of these. Max Stoiber has summarized how at Spectrum they secured their GraphQL API.

Privacy

• WebKit now introduces the Storage Access API. This new API targets one of the major issues with Safari’s Intelligent Tracking Protection (ITP): Identifying users who are logged in to the first party but viewing content of it embedded on a third-party (YouTube videos on a blog). The Storage Access API allows third-party embeds to request access to their first-party cookies when the user interacts with them. A good solution to protect user privacy by default but allow exceptions on request.

Web Performance

• Janos Pasztor built his own Content Delivery Network for fun and profit and why he thinks it can be a better solution than using existing third-parties for this. Finally, the code for the CDN on his personal website is available on Github. A nice web performance article looking at common solutions from a different angle.

JavaScript

• James Milner shares how we can use a Service Worker to send messages between browser tabs that are in the same domain scope.

Work & Life

• Following the theory of Michael Bradley, projects don’t necessarily need a roadmap for success. Instead, he suggests to create a moral compass that points out why the project exists and what its purpose is.

Go beyond…

• Why do we forget most of what we read and watch? Jason Kottke tries to find answers to this and found some interesting quotes and sources that help explaining this phenomenon.

—Anselm