Does anyone know how postmodernism nonsense is faring these days in academia? Is it still dominating the humanities (and probably more) or has it started to lose its grip to clear, rational discourse?
It has penetrated the FAANG. They are the architects of the "modern computing", where your only "choice" is between "light" and "dark", between iOS and Android, between Linux and Windows, between "updates" and "security", between "your privacy" and "important for us", between "copilot" and "recall", between ARM and x86, between "secure boot" and Qualcomm.
I don't think that what you've described is "postmodernism", even slightly...
How was the use of dichotomies in "deconstruction" your takeaway from the article?
If anything, the rise and seeming fall/disappearance of postmodern/academic-driven political correctness, diversity in FAANG etc... shows that it has died there as well (for better or worse - I'm NOT getting into that discussion here).
FYI, it's easy to cache the HTML output of a WordPress site, resulting in essentially a static site with graphical admin, page builder, and all the other bells and whistles.
Sec fetch has 98% browser coverage now. You can fall back to origin, which has 100% coverage.
Non-browser clients can be either blocked or even just given a pass, since CSRF is about tricking someone into clicking a link that then sends their Auth cookie along with the request. Either the non-browser request includes a valid cookie in the request and is allowed to mutate state, or it doesn't and nothing happens as the request doesn't get authenticated.
Fetch Metadata headers, as discussed in this post, are just as simple and much more effective. There's lots of issues with referer, and even some with origin.
98% coverage if you exclude browsers that caniuse doesn't track (which is surely appropriate, since even things like checkbox elements have only 96% coverage if you include untracked browsers).
And you can fall back to origin header, which has universal coverage. Then block anything else.
Also, OWASP doesn't recommend it as defense in depth. It is a primary, standalone defense against CSRF.
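The check discussed in the comments above (Sec-Fetch-Site first, Origin as the fallback, then a policy decision for requests that carry neither header), as an added example that is not code from any commenter or from the linked post. The function name `allow_request`, the `allow_headerless` switch and the `app.example` hostnames are hypothetical; rejecting `same-site` and comparing only host and port of Origin are choices made for this sketch.

```python
from urllib.parse import urlsplit

# Methods that must not change state, so they are exempt from the check.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def allow_request(method, headers, host, allow_headerless=False):
    """Decide whether a request may reach a state-changing handler.

    headers: dict of request headers (any case).
    host: the Host the server was addressed as, e.g. "app.example".
    allow_headerless: policy for clients that send neither header
    (non-browser clients); the thread mentions both blocking them and
    giving them a pass, so it is a parameter here.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    if method.upper() in SAFE_METHODS:
        return True

    # 1. Fetch Metadata: the browser states the relationship itself.
    site = h.get("sec-fetch-site")
    if site is not None:
        # "none" means a user-initiated navigation (address bar, bookmark).
        return site.lower() in ("same-origin", "none")

    # 2. Fallback for browsers without Fetch Metadata: compare Origin
    #    with the host we were addressed as. An opaque origin ("null")
    #    has no netloc and is rejected.
    origin = h.get("origin")
    if origin is not None:
        netloc = urlsplit(origin).netloc.lower()
        return bool(netloc) and netloc == host.lower()

    # 3. Neither header present: not a modern browser request.
    return allow_headerless


if __name__ == "__main__":
    # Constructed sample requests.
    print(allow_request("POST", {"Sec-Fetch-Site": "cross-site"}, "app.example"))
    print(allow_request("POST", {"Origin": "https://app.example"}, "app.example"))
```
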