Of all the bytes scurrying around on the internet at any given moment, the vast majority of them are static, or are unlikely to change over time. Images, videos, and fonts all fall into this category, and a great many of the modern internet's performance woes can be attributed to these resources.
Read MoreIn any good heist movie, it's ultimately the little details that make the difference between prison and payday. Much the same could be said of web security: it's the small oversights that pose the most risk to our applications, as few of us will ever stand against DDOS attacks the size of which recently hit GitHub, just as most heists won't be conducted with bazookas. They'll sneak in through the vents instead.
Read MoreWhen authoring JavaScript for the browser, you don't think twice about embedding that JavaScript within an HTML document. Perhaps you load your script via a resource request, or embed it directly within a script tag, but in either scenario the lifecycle of your JavaScript is irrevocably married to its parent document.
Read MoreA good defensive strategy is multilayered. Whether it's the multifactor authentication system you use to log into GitHub, or the kill switch on Furiosa's war rig, having more than one safeguard against intrusion makes attacks substantially more difficult. The same is true for web security, and today's post is going to introduce you to a powerful tool you have to augment your website's security: content security policies, or CSPs.
Read MoreAmongst JavaScript arcana, the prototype stands alone for its ability to baffle developers and invite misuse. With the introduction of classes in ECMAScript 6, you might be tempted to dismiss the JavaScript prototype once and for all–but as this post seeks to demonstrate, it is, and will remain, a fundamental aspect of the JavaScript language that you can ignore only at your own peril.
Read MoreIt's a common refrain amongst frontend developers: "The web changes so quickly, I can barely keep pace!" New frameworks come into vogue, tooling trends come and go, and browsers implement (and deprecate) scores of features, all in the span of weeks and months. It can feel like you're building on quicksand.
Read MoreCORS (Cross-Origin Resource Sharing) is subject tinged with dread for many web developers. Like tales of a mythical sea beast, every developer has a story to tell about the day CORS seized upon one of their web requests, dragging it down into the inexorable depths, never to be seen again.
Read MoreFew users of the modern internet realize that a webpage isn't a single "thing" but a composition of scripts, stylesheets, HTML, and more. To an end user, a website is a website, though some are certainly slower than others, and some keep lagging even after the page has loaded. Much of what can be interpreted as a website's performance can be reduced to how quickly its various resources are obtained, and as users become accustomed to meticulously tuned web applications by the likes of Google and Facebook, it's important for every frontend developer to understand how to optimize their site's resource requests.
Read More