#elixir-lang - 20 April 2019
« Back 1 day Forward 1 day »
[00:26:20] Dakora: chrismccord: interesting issue i have after upgrading to phx 1.4.3, cookies no longer get set on localhost. this *could* be a chromium issue, but the only mention of it i can find is from 2010
[00:27:07] Dakora: i was trying to figure out why the CSRF check was failing, there is just no cookie there. phoenix does send the set-cookie header so i'm not sure where to start looking at this
[00:32:45] Dakora: chrismccord: not sure if guys want to include a note about that in phoenix. cookies no longer get set on localhost in chromium. i've worked around it by directing a domain to localhost in my hosts file
[03:50:20] josevalim: Dakora: I don’t see them removing cookies from local host. It may be something like an invalid cookie or a cookie being too large?
[14:17:18] nickjj: wow that's horrible news... i just watched one of his talks the other day too, such a good presenter
[14:29:54] mrus: Is there a way to specify a list of imports somewhere (e.g. config.exs oder mix.exs) and then have a function iterating over that list and importing the specified files during compile time?
[14:34:04] benwilson512: and then .ex files in some other path will be automatically compiled when you run with mix
[14:39:26] mrus: benwilson512: well.. I'm looking for something I probably shouldn't be doing in first place. However, I see no other way. I'm using maru (`https://github.com/elixir-maru/maru`) to build a couple of API services. I want to have a shared library for those services where I pre-build basic components like the "MyApp.API" maru server and have the services rew-use them. Now, the problem seems to be that, in
[14:39:32] mrus: order to extend a Maru.Server with "resources" (endpoints basically), one needs to call "mount", which seems to be a macro that's run durin compile time. So, in order to allow each service that makes use of that shared library to mount its own endpoints, I somehow need a way to import the services' endpoints from within the shared library during compile time and have it mount them.
[14:44:00] mrus: benwilson512: I see. The thing is, then every service would require a set of files, which only job it is to "use LibraryModule".
[14:45:27] mrus: i guess the main issue here is that Maru doesn't allow dynamically mounting post compile-time.
[19:15:47] serafeim: hello, i'd like to chat a bit about the decision behind eex templates. it seems that they are closer to JSP or PHP than to Django templates. i.e it can execute arbitrary code in the templates
[19:46:24] starbelly: serafeim: I'm not sure I follow 🤔 I've never seen a template that didn't allow you execute code in a template....
[19:47:01] starbelly: Also, eex is wildly different from the others in that it gets compiled to functions
[19:47:20] serafeim: starbelly, well it's not a good practice to allow arbitrary code execution in templates
[19:48:07] starbelly: Yeah, that's not a problem I see with eex... but i mean, any one can abuse any tool.
[19:49:25] starbelly: You of course want to limit the logic or optimally have no logic in your templates, I think that's well understood by everyone.
[19:50:00] serafeim_: starbelly, correct. that's why it felt strange to be able to do the <% do whatever you wish here %>
[19:51:15] serafeim_: griffinbyatt, i have experience with more restrictive environements (django templates) and same restrictive ones (JSP/ PHP)
[19:52:18] starbelly: IMO, it's best not to assume the user is an idiot and put up walls to protect them... give them sharp tools, let them gauge their eyes out, and perhaps they will learn from that :) Even better, try to educate vs restrict.
[19:52:43] serafeim_: starbelly, i understand what you mean yes however if you have the power it is easy to abuse it
[19:54:37] serafeim_: however I still remember with horror back when I was a junior JSP developer my 1000 lines jsp that had the same 900 lines in their preamble in order to be able to call some web services
[19:56:16] griffinbyatt: You're talking about a tool that's intended to be for *any kind* of template and wanting to restrict it
[19:57:46] griffinbyatt: I think an argument could be made that web frameworks like Phoenix should use a more restrictive templating environment
[19:58:36] starbelly: Well it is restrictive in some ways... raw html as an example that hasn't been blessed
[20:01:55] benwilson512: serafeim_: it's also worth viewing how EEX is used within Phoenix. The whole paradigm pushes you to write pure render functions. All the work is done in the controller, and then the resulting values are passed to the templates
[20:06:05] serafeim_: benwilson512, yes I've seen that. the data gathering seems to be done in the controllers and only some minor render modification in the views and the templates just display it
[20:34:37] nox: starbelly: "Don't put up walls to protect user" is how we continue to use C and C++ though.
[20:37:42] starbelly: nox: Yeah... I mean, that's a bit diff though, no? I mean, you're more likely to make a horrible mistake in C... less likely in erlang or elixir, and it's not because walls are in place.
[20:40:57] starbelly: My main thing is... I don't like it when frameworks, whatever assume the user is an idiot... ignorant maybe? Yes. That's where education comes in and that's a community effort in a lot of ways.
[20:42:13] starbelly: I think if we do write libs and such with that assumption, we will all end up... well, in a proverbial sea of ignorance.
[21:11:51] gonz_: What does it buy you elsewhere? Does it defend against something that's been proven to be too hard to handle and perhaps invites usage without considering the future?
[21:12:47] gonz_: There's no doubt in my mind that languages requiring annotations for side effects are better, for example
[21:14:30] gonz_: Restricting side effects to clearly annotated paths and having those annotations propagate pays off. It lets you design APIs with that in mind. You know there can be no side effects in closures you take as arguments because you didn't put that in the type.
[21:16:26] gonz_: With all this said I think macros are overblown as far as footguns go; people make disproportionally too much noise about them.
[21:19:31] starbelly: I think it all depends on your goals. No one is absolutely right nor wrong either. And that's just the cookie forever crumbles.