HackerTrans
TopNewTrendsCommentsPastAskShowJobs

togakangaroo

no profile record

Submissions

A heck of a wild bug chase

georgemauer.net
66 points·by togakangaroo·2년 전·56 comments

comments

togakangaroo
·작년·discuss
Also a link on that noladevs site to the community slack. That one has been going since early Launchpad days....what? 14 years ago?
togakangaroo
·작년·discuss
Hey, I'm the author of the linked article, cool to see this is still getting passed around.

Definitely agree there's no perfect solution. There's some escaping that seems to work ok, but that's going to break CSV-imports.

An imperfect solutions is that applications should be designed with task-driven UIs so that they know the intended purpose of a CSV export and can make the decision to escape/not escape then. Libraries can help drive this by designing their interfaces in a similar manner. Something like `export_csv_for_eventual_import()`, `export_csv_for_spreadsheet_viewing()`.

Another imperfect solution would be to ... ugh...generate exports in Excel format rather than CSV. I know, I know, but it does solve the problem.

Or we could just get everyone in the world to switch to emacs csv-mode as a csv viewer. I'm down with that as well.
togakangaroo
·2년 전·discuss
I think I left my context collapse a little here. The article had gotten really good feedback when I passed it around in the various communities I'm in, but I hadn't written it with the idea of the broader hackersphere in mind. I did post the story to here, but I didn't really think it would get traction. I should have done some double-checking and added caveats and context beforehand.

My comment about Claude was simply intended to giggle at how much it has us pegged, not to call out the op directly.
togakangaroo
·2년 전·discuss
Ah, yes, I mean, agree that would have been technically correct, but like I said, its just not how a lot of the web works. auth0-nextjs seems to react to `GET` by default (though it might also work with `POST` and you certainly can override things)
togakangaroo
·2년 전·discuss
Author of the post here,

There was no form submission, I'm not sure where you got that. There was also no POST. Though yes, I agree that in the core HTTP semantic, you wouldn't want to change state on a GET and that should include not calling `Set-Cookie`. And yet the reality is that that nearly every application - and many popular libraries like auth0 - do in fact set and clear cookies on `GET`.

The issue here was that the `Link` component in NextJs

- does preloading by default (which is a bad idea exactly for the above reason of reality being different from theory)

- doesn't do preloading by default when running on the dev server (so you don't see the error until its deployed)

- because it does preloading directly in javascript, it can't possibly follow the HTTP semantic of not actually applying cookies until later when the cached route is used

Everything else was the wild goose chase bits.

Also I asked claude to criticize the article as a web forum might before publishing, and this is definitely the tone it gave :D

Oh, also, I'm pretty sure I got the part wrong where i was talking about the preload attribute in HTML, but so far no one's noticed. I should correct that.