Laravel VS fingerprintjs

Looking at artisan and the Symfony maker bundle, I saw two different ways to build content. Artisan works with stub files which are text files with a Twig syntax for the variables. And the maker bundle works with php templates.

In PR #51376 to Laravel in May 2024, Jason McCreary and Joel Clermont added the Illuminate\Console\Prohibitable trait to the framework, which was then included in the Laravel 11.9 release.

When you call the driver method on the facade, it's proxied to a manager, depending on which facade you're using. In the caching scenario, it's directed to the CacheManager. Let's inspect its code.

For more information on this vulnerability, check out the official Laravel security advisory: GHSA-gv7v-rgg6-548h

While this feature isn't released yet, it's expected to be available soon. Keep an eye on Laravel's official channels for the announcement. In the meantime, check out the merged PR on GitHub! https://github.com/laravel/framework/pull/53179

Starting in Laravel 11.26, you can now use the artisan make:job-middleware command to generate Job middleware.

Create a new issue in the parent repository, in our case the laravel/framework repository. Be as detailed as you can be for the update you are doing.

Hope this saves a future team from unexpected behavior resulting in (potential) production data loss.

When using Postgres, Laravel's default method for truncate uses the cascade option, which will ignore foreign key constraints and potentially wipe large amounts of data with no confirmation or warning.

It was originally introduced in 2018: https://github.com/laravel/framework/pull/26389/files

Here are two threads on it if you are curious: https://github.com/laravel/framework/issues/29506

The websites opening an audio context without using it to play anything are probably doing bot detection.

Different browser engines and operating systems implement audio processing differently, so if you play a completely inaudible sound and then record it back (from the API not the microphone) you end up with a signature.

You can use that signature to see if the browser is lying about its user agent, running in headless mode, or all sort of other interesting edge cases that are not a real user buying widgets.

https://github.com/fingerprintjs/fingerprintjs/blob/3201a7d6...

The more APIs available for JS to interact with, the more granular and detailed browser fingerprinting can be. For example, how your browser renders WebGL can differ depending on what graphics card (and drivers) you have. The resulting values can be read back and stored to create a detailed fingerprint of who you are -- this could potentially be done by Google Fonts or AdSense or any number of the countless ad and analytics frameworks loaded on basically all websites.

https://www.privacyaffairs.com/browser-fingerprinting/

Browse the source in this directory to see a plethora of examples of how web APIs are used to fingerprint users -- and this is just one publicly-accessible library we can easily review the source code of (proprietary, obfuscated ones likely use additional methods): https://github.com/fingerprintjs/fingerprintjs/tree/master/s...

To prevent abuse, I plan to integrate browser fingerprinting and set a limit on the number of requests per client. The FingerprintJS library can generate a visitor ID to track and limit requests.