Matthew Bass

  • CORS woes on Heroku

    ,

    After spending the past 4 hours attempting to solve what boiled down to a rather simple problem, I figure I’d better blog about it to save someone else the time and effort.

    If you’ve been leveraging Passenger’s new –nginx-config-template command line option to add CORS headers to static assets served from a Rails app hosted on Heroku, and the CORS headers recently disappeared under mysterious circumstances… read on.

    I’ve been using the method described here to add CORS headers to custom fonts served from a Heroku-hosted Rails app that’s proxied by Nginx which handles serving static files. I recently updated to Rails 4.2.2 and suddenly, my custom fonts (.woff and .woff2 files) no longer had CORS headers on them.

    After the aforementioned hours spent scratching my head, I discovered that the latest version of the sprockets gem is generating asset digests that are 64 chars in length, where previously they had been 32. Nginx’s default regexp for identifying requests for static assets assumes the digest will be 32 chars long, like so:

    # Rails asset pipeline support.
location ~ "^/assets/.+-[0-9a-f]{32}\..+" {
  error_page 490 = @static_asset;
  error_page 491 = @dynamic_request;
  recursive_error_pages on;</code>

  if (-f $request_filename) {
    return 490;
  }
  if (!-f $request_filename) {
    return 491;
  }
}

    Changing the regexp to recognize digests that are 64 chars in length immediately solved the problem:

    location ~ "^/assets/.+-[0-9a-f]{64}\..+" {
   ...
}

    I had to laugh after something so stupid and silly cost me a good chunk of my Saturday to debug. But at least it’s working now. My statically served custom fonts have the correct CORS headers and Chrome and Firefox are happy again.

Need help?

I’m an independent software developer available for consulting, contract work, or training. Contact me if you’re interested.

  • RailsConf registration reopened

    ·

    The fine folks at RailsConf have reopened registration for an additional 150 seats. If you were thinking of going before, but didn’t get a ticket prior to registration closing, now is the time to take action. No, seriously, it is!

  • My Job Went to India

    ,

    ·

    My Job Went to India“You might not know it, but you’ve already lost your job.”

    Thus begins the back cover of Chad Fowler’s new book, My Job Went to India (And All I Got Was This Lousy Book). Hey, it caught my attention too! I recently finished tearing through Chad’s 185-page book and have to say that it was one of the best work-related reads I’ve had in quite a while. The writing was clear, chapter organization made sense, and the content was nothing short of phenomenal.

    Have you ever questioned how much value you’re bringing to your company? Have you ever wondered when… or if… the outsourcing will stop? Have you ever brainstormed about ways to make your existing job more secure? If you’re a typical American programmer, the answer to these questions is probably, “Yep, sure have.” If this is true for you, Chad’s book will answer many of the questions you have, and give you a radically different perspective on the outsourcing movement… a perspective that will change how you treat your job.

    This book is structured very much like the upcoming Practices of an Agile Developer. It’s split up into 52 bite-sized chunks of information that can be read in a matter of minutes. Each chunk, however, brings fresh ideas to bear on the problem of outsourcing and explains steps you can take today to ensure that you remain competitive in tomorrow’s job market.

    I found Part IV, “Marketing… Not Just For Suits,” to be especially relevant. As a developer, I have a tendency to consider personal marketing as being a useless exercise, when in fact it’s a vital part of participating in the software development community. Marketing isn’t just about advertising, as Chad explains in the book. It involves engaging the community. It’s about blogging, writing for magazines, contributing to open source projects, speaking at conferences, and mentoring co-workers. In short, thinking more about what you can give to the community than what you can get from it. When an employer can see that you love the art of software development so much that you’re willing to spend your own time on it, they’ll be impressed. As Chad writes, “If you’re not actively trying to make your mark, you’re probably not making it.”

    If you’ve ever worried about the coder next door (or on the other side of the world) who is threatening your job, this is the first book you should read. A wonderful side effect of the book is that it will encourage you to be more passionate about your work, and to strive to give 110% every single day.

  • The end of the Internet?

    ·

    “The nation’s largest telephone and cable companies are crafting an alarming set of strategies that would transform the free, open and nondiscriminatory Internet of today to a privately run and branded service that would charge a fee for virtually everything we do online.”

    I’ve read articles like this a couple of times before. The real question is whether such a plan could be implemented “en masse” in a short amount of time. If even a small part of the Internet was left uncontrolled, market economics would drive everyone there.

    I also wonder what this would mean for blogs.

  • The DMV and continuous integration

    , , , ,

    ·

    My father recently had an experience which bitterly proves that minor details can have major consequences. Last week, his insurance company mistakenly reported to the DMV that the coverage on his auto had lapsed. The DMV responded by revoking his tags within the space of 48 hours (quite speedy for them). To resolve the matter, he had to take proof of insurance to a local DMV office (in someone else’s vehicle, of course).

    Here’s how the process went, in his own words:

    1. Go to the DMV office on Academy St.
    2. Find out they only do driver’s licenses there.
    3. Go to the DMV office at Walnut and US-1. Walk up to the desk.
    4. Find out that the FS-1 form the insurance company faxed me has an effective insurance date of 3/34/05 rather than 3/24/05. It’s not acceptable.
    5. Find a pay phone to call the insurance company for a corrected form. Seems I left my cell phone at home.
    6. Get the insurance company to fax the corrected form to the DMV office I’m standing outside of.
    7. Go back into the DMV office and finish the transaction.
    8. Walk out with my sticker, new registration, and the confidence that comes with obeying our state laws.

    Suprisingly, aside from the nuisance of having to physically go to a DMV office, most of the blame for the mistake lies with his insurance company. First, their computers reported him as uninsured, which was, of course, incorrect. Second, when proof of insurance was faxed to him, the date on it wasn’t just off by a day or two… the date wasn’t even valid!

    If we assume that the insurance company used a computer to generate the form (a safe assumption), this means that one of the following must be true:

    1. Their processing is so antiquated that they’re simply filling out word processor templates; the incorrect date was human error
    2. The software they’re using isn’t smart enough to catch invalid dates
    3. The software they’re using has a good, ol’ fashioned bug

    If #1, they really should consider upgrading their systems to minimize the impact of human error. If #2, they need to consider investing in a more sophisticated software package. In my book, date validation is a fairly important feature! If #3, they were either sold lousy software or their in-house development group needs to do a better job of testing.

    Minor details can have major consequences. The best way to ensure the integrity of minor details is to test them. The best way to test something is to always run tests. The best way to always run tests is to use a continuous integration system!

    Now if only someone at my father’s insurance company would read this…