Imagine that in order to have a great life you have to cross a dangerous jungle. You can stay safe where you are and have an ordinary life, or you can risk crossing the jungle to have a terrific life. How would you approach that choice? Take a moment to think about it because it is the sort of choice that, in one form or another, we all have to make

Principles: Life and Work

Content Security Policy (CSP)

I been learning about web security in the last few days, and today I learned about CSP or Content Security Policy.


Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 

MDN web docs

In simple words, it allows you to control the domain for your resources, including images, CSS and Javascript files, this means that you can protect your site from loading external scripts that might cause harm to your visitors.

How does it work?

You can set CSP with HTTP Header by returning Content-Security-Policy or you can add a meta tag to your HTML document.

How do I write a policy?

Let’s write a simple policy for my site:

  • I will start by adding a meta tag to my header
<meta http-equiv="Content-Security-Policy" content=""&gt;

As you probably noticed, our content attribute is empty, this is where we’re adding our own rules, let’s add them.

  • Initially I want to allow my site to load resources from my own domain, so our first rule is:
default-src 'self'
  • Since my site is hosted on, I want to load resources form, and, let’s add the rules
default-src 'self' * * *
  • Now the browser will only load resources from those domains on my site, I can be more specific and choose from which domain the site can load scripts, media or images, let’s add only to our images rule
default-src 'self' * *; img-src *
  • My meta tag now looks something like this
<meta http-equiv="Content-Security-Policy" content="default-src 'self' * * *"&gt;

You can read more about CSP in the MDN Docs and if you have a WordPress site, you can use this plugin

Always Be Reading

Shekhar Gulati

I became a software engineer by chance. I was offered a job by a software organization during my campus interviews. I took it. And I became a software engineer.

Because I had pursued bachelors in Mechanical engineering, there was little learned about computer science in four years of my undergraduate course. My only interaction with it was during the first semester, where one of the subjects was C programming language. As far as I remember I enjoyed programming a lot. After entering the job, it took me a couple of years to figure out how I can succeed in the professional world. I realized that my magic formula to do good in professional and personal life is Always Be Reading.

In this post, I will share my thoughts on having a beginner mindset and continuously improve yourself to live a meaningful and fulfilling life.

View original post 639 more words

Getting software right is hard. It takes knowledge and skills that most young programmers haven’t yet acquired. It requires thought and insight that most programmers don’t take the time to develop. It requires a level of discipline and dedication that most programmers never dreamed they’d need.
Mostly, it takes a passion for the craft and the desire to be a professional.

Robert C. Martin

git: Pushing to a Remote Branch with a Different Name

Pen and Pants

Normally when I do a push in git I do something like git push origin master, which really means push from the local branch named master to the remote branch named master. If you want to push to a remote branch with a different name than your local branch, separate the local and remote names with a colon:

git push origin local-name:remote-name

View original post