the frontendian

Latest Post


In any good heist movie, it's ultimately the little details that make the difference between prison and payday. Much the same could be said of web security: it's the small oversights that pose the most risk to our applications, as few of us will ever face a DDoS attack of the size that recently hit GitHub, just as most heists won't be conducted with bazookas. They'll sneak in through the vents instead.

Read More

Recent Posts

Service Workers

When authoring JavaScript for the browser, you don’t think twice about embedding that JavaScript within an HTML document. Perhaps you load your script via a resource request, or embed it directly within a script tag, but in either scenario the lifecycle of your JavaScript is irrevocably married to its parent document.

Read More

Content Security Policies

A good defensive strategy is multilayered. Whether it's the multifactor authentication system you use to log into GitHub, or the kill switch on Furiosa's war rig, having more than one safeguard against intrusion makes attacks substantially more difficult. The same is true for web security, and today's post is going to introduce you to a powerful tool you have to augment your website's security: content security policies, or CSPs.

Read More

The Prototype

Amongst JavaScript arcana, the prototype stands alone for its ability to baffle developers and invite misuse. With the introduction of classes in ECMAScript 6, you might be tempted to dismiss the JavaScript prototype once and for all–but as this post seeks to demonstrate, it is, and will remain, a fundamental aspect of the JavaScript language that you can ignore only at your own peril.

Read More

The Tectonics of the Web

It’s a common refrain amongst frontend developers: “The web changes so quickly, I can barely keep pace!” New frameworks come into vogue, tooling trends come and go, and browsers implement (and deprecate) scores of features, all in the span of weeks and months. It can feel like you’re building on quicksand.

Read More


CORS (Cross-Origin Resource Sharing) is a somewhat obscure subject for many web developers. Like legends of mythical sea monsters, every developer has a story to tell about the time CORS seized their requests, dragging them into the inexorable depths, never to be seen again.

Read More

Efficient Resource Requests

Few users of the modern internet realize that a webpage isn’t a single “thing” but a composition of scripts, stylesheets, HTML, and more. To an end user, a website is a website, though some are certainly slower than others, and some keep lagging even after the page has loaded. Much of what can be interpreted as a website’s performance can be reduced to how quickly its various resources are obtained, and as users become accustomed to meticulously tuned web applications by the likes of Google and Facebook, it’s important for every frontend developer to understand how to optimize their site’s resource requests.

Read More