Me: GET /sleep
Baby: 307 Temporary Redirect
Baby: 204 No Content
Me: 200 OK

Me: GET /sleep
Baby: 307 Temporary Redirect
Baby: 413 Payload Too Large
Me: 102 Processing
Me: 200 OK

Me: GET /sleep
Baby: 307 Temporary Redirect
Baby: 444 Connection Closed Without Response
Me: 200 OK

Me: GET /sleep
Baby: 307 Temporary Redirect
Baby: 444 Connection Closed Without Response
Me: 429 Too Many Requests

Me: GET /sleep
Baby: 307 Temporary Redirect
Me: 101 Switching Protocols
Me: 408 Request Timeout
GF: 102 Processing

Me: GET /sleep
Sleep: 404 Not Found
Me: 406 Not Acceptable

(Morning)
Me: 501 Not Implemented

My 80 year old very absent minded dad made a website, all by himself, using a two decades old book he got from the thrift store.

He's even hosting it himself on an old laptop running Debian, including a redirect to a beautiful nostalgic /~username/index.htm url (not gonna share the link, because his personal details are on there).

The whole site is incredibly carefully crafted, and I'm super proud of him.

Who cares if it's not a React app? The 14 kilobytes of HTML 4.0 markup load in 20-30ms, and it renders pretty much perfectly in every browser including Internet Explorer 4 and Edge.

🤷‍♂❤️

I hate those fucking sites which make you login first and then redirect to their home page.

FOR FUCK'S SAKE, ITS 2017. CANT YOU BASTARDS WRITE A FEW LINES OF CODE SO THAT I AM AUTOMATICALLY REDIRECTED TO WHERE I WAS AND I NEED NOT BACKSPACE EVERY TIME I LOGIN?

Client: About this QR code for my website, can we change it?
Me: Well we could redirect, but what's wrong with it?
Client: I just dont like the pattern, it's too noisy...
Me: 🙃

More than half of all support calls and tickets we get are so fucking easily searchable through our own fucking website and search engines, it's really fucking annoying sometimes.

"how do I redirect a site?"
Type the fucking word redirect into our helpdesk page.

"how can i reset my email password?"
Literally fucking type the word EMAIL into fucking search bar?!

"hey the article said to go to yourdomain.com/webmail, I'm not getting anything!!!"
"what domain did you use?"
"yourdomain.com of course!"

😥🔫

"how can I add a domain to my hosting?"
Search for the FUCKING word DOMAIN on our online helpdesk.

IT'S REALLY NOT THAT HARD, PLEASE APPLY COMMON SENSE AND USE YOUR FUCKING BRAIN.

Developed an android app for the client. It was going great. Prototype for the initial (and static) content to show to the client was on the way. All until...

*goes back in time to when we were developing the prototype*

The asshole boss: "Wow this is good, just remove the login after the splash screen. Redirect it to the dashboard immediately."

Me: "What? Why?"

TAB: "He (the CEO of our company) said that the client doesn't need to see the login."

Me: "Well, alright." (Orders are orders, better remove it)

*A few days later, we present the prototype to the CEO. He'll be the one talking to the client. TAB isn't in this meeting.*

CEO: "Where is the login screen?"

Me: *dumbfounded and confused, in silence, and pressure rising*

The Good Boss: *whispers* "Where is the login screen? I thought I told you guys it should be there."

Me: *whispers* "TAB told us to remove it."

TGB: *Looks toward CEO* "TAB told us to remove it."

CEO: "Ugh. TAB is sick."

A little giggle. Nonetheless the meeting continued. He was displeased. I was a little guilty. The login screen's code was already there. Just couldn't show it since the app doesn't redirect there anymore.

*A discussion after the meeting*

TGB: "Why'd you guys remove the login?"

Me: "You and TAB had a meeting with the CEO the other day. After the discussion TAB went to us and told us to change it."

TGB: "But the CEO said no such thing! Anyway, let's go back to the office and straighten this out tomorrow."

*The next day, TAB was in the office*

TGB: *Chatting on messenger with me* "He is completely denying it."

Me: "WHAT?"

TGB: "He said he never told you guys anything. And he is persistent. I kept telling him it was his fault, but he denies all of it. He never approached you guys to change anything."

Me: "Well yeah. I guess we magically thought to ourselves and said, 'Hey, let's remove the login screen for fun. Let's show them less content because that's how we please our clients!' -_-"

Seriously, what kind of assholefuckery is this. This shit is a whole new level. I am so TRIGGERED.

I don't really care that the meeting didn't go as planned. Just MAN UP AND ADMIT YOUR MISTAKE YOU FILTHY SON OF A GOOSE. Never listening to this asshole again. Thought he could be trusted. I will always ask my good boss next time.

Had a former customer call a few (10) years ago, furious that we shut down their website.

Me: but you moved your website to another provider 2 years ago? We dont even provide webhosting any more?

Turns out, when they moved we put a redirect to their new site on our server.

During the summer this server was decommisoned due to a failing harddrive but since we no longer had any active customers on it we just pulled the plug.

The customer had never actually redirected their domain name. :)

When we sent them a copy of their own cancellation letter we got an "oh hell, sorry".

:D

I am working on another developer's PHP code, and I found a new way that he done the redirect after the login with PHP!

We're using a ticket system at work that a local company wrote specifically for IT-support companies. It's missing so many (to us) essential features that they flat out ignored the feature requests for. I started dissecting their front-end code to find ways to get the site to do what we want and find a lot of ugly code.
Stuff like if(!confirm("blablabla") == false) and whole JavaScript libraries just to perform one task in one page that are loaded on every page you visit, complaining in the js console that they are loaded in the wrong order. It also uses a websocket on a completely arbitrary port making it impossible to work with it if you are on a restricted wifi. They flat out lie about their customers not wanting an offline app even though their communications platform on which they got asked this question once again got swarmed with big customers disagreeing as the mobile perofrmance and design of the mobile webpage is just atrocious.

So i dig farther and farthee adding all the features we want into a userscript with a beat little 'custom namespace' i make pretty good progress until i find a site that does asynchronous loading of its subpages all of a sudden. They never do that anywhere else. Injecting code into the overcomolicated jQuery mess that they call code is impossible to me, so i track changes via a mutationObserver (awesome stuff for userscripts, never heard of it before) and get that running too.

The userscript got such a volume of functions in such a short time that my boss even used it to demonstrate to them what we want and asked them why they couldn't do it in a reasonable timeframe.

All in all I'm pretty proud if the script, but i hate that software companies that write such a mess of code in different coding styles all over the place even get a foot into the door.

And that's just the code part: They very veeeery often just break stuff in updates that then require multiple hotfixes throughout the day after we complain about it. These errors even go so far to break functionality completely or just throw 500s in our face. It really gives you the impression that they are not testing that thing at all.

And the worst: They actively encourage their trainees to write as much code as possible to get paid more than their contract says, so of course they just break stuff all the time to write as much as possible.
Where did i get that information you ask? They state it on ther fucking career page!

We also have reverse proxy in front of that page that manages the HTTPS encryption and Let's Encrypt renewal. Guess what: They internally check if the certificate on the machine is valid and the system refuses to work if it isn't. How do you upload a certificate to the system you asked? You don't! You have to mail it to them for them to SSH into the system and install it manually. When will that be possible you ask? SOON™.
At least after a while i got them to just disable the 'feature'.

While we are at 'features' (sorry for the bad structure): They have this genius 'smart redirect' feature that is supposed to throw you right back where you were once you're done editing something. Brilliant idea, how do they do it? Using a callback libk like everyone else? Noooo. A serverside database entry that only gets correctly updated half of the time. So while multitasking in multiple tabs because the performance of that thing almost forces you to makes it a whole lot worse you are not protected from it if you don't. Example: you did work on ticket A and save that. You get redirected to ticket B you worked on this morning even though its fucking 5 o' clock in the evening. So of course you get confused over wherever you selected the right ticket to begin with. So you have to check that almost everytime.

Alright, rant over.
Let's see if i beed to make another one after their big 'all feature requests on hold, UI redesign, everything will be fixed and much better'-update.

It's maddening how few people working with the internet don't know anything about the protocols that make it work. Web work, especially, I spend far too much time explaining how status codes, methods, content-types etc work, how they're used and basic fundamental shit about how to do the job of someone building internet applications and consumable services.

The following has played out at more than one company:

App: "Hey api, I need some data"
API: "200 (plain text response message, content-type application/json, 'internal server error')"
App: *blows the fuck up

*msg service team*

Me: "Getting a 200 with a plaintext response containing an internal server exception"
Team: "Yeah, what's the problem?"
Me: "...200 means success, the message suggests 500. Either way, it should be one of the error codes. We use the status code to determine how the application processes the request. What do the logs say?"
Team: "Log says that the user wasn't signed in. Can you not read the response message and make a decision?"
Me: "That status for that is 401. And no, that would require us to know every message you have verbatim, in this case, it doesn't even deserialize and causes an exception because it's not actually json."
Team: "Why 401?"
Me: "It's the code for unauthorized. It tells us to redirect the user to the sign in experience"
Team: "We can't authorize until the user signs in"
Me: *angermatopoeia* "Just, trust me. If a user isn't logged in, return 401, if they don't have permissions you send 403"
Team: *googles SO* "Internet says we can use 500"
Me: "That's server error, it says something blew up with an unhandled exception on your end. You've already established it was an auth issue in the logs."
Team: "But there's an error, why doesn't that work?"
Me: "It's generic. It's like me messaging you and saying, "your service is broken". It doesn't give us any insight into what went wrong or *how* we should attempt to troubleshoot the error or where it occurred. You already know what's wrong, so just tell me with the status code."
Team: "But it's ok, right, 500? It's an error?"
Me: "It puts all the troubleshooting responsibility on your consumer to investigate the error at every level. A precise error code could potentially prevent us from bothering you at all."
Team: "How so?"
Me: "Send 401, we know that it's a login issue, 403, something is wrong with the request, 404 we're hitting an endpoint that doesn't exist, 503 we know that the service can't be reached for some reason, 504 means the service exists, but timed out at the gateway or service. In the worst case we're able to triage who needs to be involved to solve the issue, make sense?"
Team: "Oh, sounds cool, so how do we do that?"
Me: "That's down to your technology, your team will need to implement it. Most frameworks handle it out of the box for many cases."
Team: "Ah, ok. We'll send a 500, that sound easiest"
Me: *..l.. -__- ..l..* "Ok, let's get into the other 5 problems with this situation..."

Moral of the story: If this is you: learn the protocol you're utilizing, provide metadata, and stop treating your customers like shit.

You want to know what fucking pisses me off? This fucking router thinking it can just inject itselft and redirect into any fucking page that it wants..my fucking bank account? Yep, my fucking google docs? YEP, Fucking CSGO? YOU BET BRO

>>> print(whoSaid("OlderFriend"))
About 20ish years ago I was working in IT, and it was about around this time where CD-Roms were hitting the stores and becoming the newest craze. However, Microsoft did not write the drivers correctly for this new hardware.

In a nutshell, the driver would be installed and the user would lose the sound to their speaker.

How did this happen? By altering the way the interrupts worked on the computer. At the time there only existed a few unreserved IRQs or Interrupt ReQuests. The installer package would redirect IRQ 5 which is "User Selectable (Sound Cards)" to work with the CD-Rom. This was fine and all unless you wanted to listen to your speakers.

I had come up with a clever hack through rewriting a config file that would be run during bootup. So at the time of boot up IRQ 5 would be dedicated to the sound card, and IRQ7 (which was usually for the Lpt1 Printer) would be dedicated to the CD-Rom. This worked.
And because I was IT at the time, I would get a lot of calls for fixing this problem.

So, as you can imagine, I've gotten **really** good at doing this. I didn't even need to be at a computer to walk someone through the problem.

I receive a call one day, it was a problem with the CD-Rom and sound card. I walk him through the problem and he reboots his computer. I could hear him on the other side jumping with joy when he was able to put in his music CD and hear sound coming from the speakers.

He asks me, how in the hell did you figure this out!? You're a fucking Genius!

And I said, It's not rocket science it's just a computer.

There was a long pause of silence.

Uhhh... Hello? Did I say something wrong?

Sir, I work at NASA I deal with Rocket Science on a daily basis.

So me and my wife offered a friend to build and host a website for him for free for the first year when he was starting his business. We all agreed and wife started to build it.
The only thing that she had left was getting pictures and texts from him that would be on the site. That was 10 month ago.

And Today - it was suddenly SUPER IMPORTANT to get the site up because he has left alot of Business cards at a conference.
Wife - who is studying answered that she can fix it in a few weeks because she does'nt simply have time.

The dude sent this now:
"Ok no worries, I have solved it myself"

So I checked:
The domain he bought, is just a redirect to "randomshit.wixsite.com"

Why the hell do people make websites with VALID SSL certs redirect BACK TO HTTP? What the fuck is wrong with them?!

Hashedram's compilations #1
List of most annoying website designs.

1) Pages with AUTO PLAYING VIDEOS.

Yes I'm looking at you Netflix. Along with every news website known to man. I'm looking to read a fucking article, so why would you even waste your money and bandwidth trying to shove a video of some shit I don't care about in my face, and make it follow me as I scroll down like a fucking insecure puppy. Also, fuck you Instagram.

2) Pages that redirect once immediately after you visit them, thereby fucking with the browser history and the BACK BUTTON just leads back to the same fucking site.

I mean, just why. Did you think I would just go "Hey the back button doesn't work so let's stay on the site and read their awesome content"?

3) Sites showing things in a SLIDESHOW, when it actually should be in a list.

Slideshows are for progressive stories or for showing lists where you don't care about what's in them. Top 10 foods that reduce weight. Slideshow 1/15. Fuck you.

4) LOOKS LIKE YOU'RE USING AN AD BLOCKER

Yes. Yes I am. No I will not turn it off for you, you narcissistic snowflake fuck. And don't even try to guilt shame me into turning it off, because I know you're just going to bombard me with videos of sexy singles in the area if I do.

5) Pages where I see the first 3 lines of an article and have to SUBSCRIBE to see more.

Yes. Brilliant fucking idea. A user wants to see what your site has to offer, so within the first three seconds, don't show him exactly that.

6) Looking up an article and having to read through the entire motivational life story of the author.

I just want to know how to boil eggs, not read about your journey across Africa learning how to make difference recepies using boiled rhino dung.

7) CLICK BAIT.

Title: School boy designs blockchain machine learning game engine

Actual Content: Tic tac toe program made using linked lists

I saw someone handle redirect on every anchor link on server side. Yes, they handle onclick on serverside and then decide where to redirect. No they don’t use href or any sort that’s stated on the HTML. And this guy is my senior.

The solution for this one isn't nearly as amusing as the journey.

I was working for one of the largest retailers in NA as an architect. Said retailer had over a thousand big box stores, IT maintenance budget of $200M/year. The kind of place that just reeks of waste and mismanagement at every level.

They had installed a system to distribute training and instructional videos to every store, as well as recorded daily broadcasts to all store employees as a way of reducing management time spend with employees in the morning. This system had cost a cool 400M USD, not including labor and upgrades for round 1. Round 2 was another 100M to add a storage buffer to each store because they'd failed to account for the fact that their internet connections at the store and the outbound pipe from the DC wasn't capable of running the public facing e-commerce and streaming all the video data to every store in realtime. Typical massive enterprise clusterfuck.

Then security gets involved. Each device at stores had a different address on a private megawan. The stores didn't generally phone home, home phoned them as an access control measure; stores calling the DC was verboten. This presented an obvious problem for the video system because it needed to pull updates.

The brilliant Infosys resources had a bright idea to solve this problem:

- Treat each device IP as an access key for that device (avg 15 per store per store).
- Verify the request ip, then issue a redirect with ANOTHER ip unique to that device that the firewall would ingress only to the video subnet
- Do it all with the F5

A few months later, the networking team comes back and announces that after months of work and 10s of people years they can't implement the solution because iRules have a size limit and they would need more than 60,000 lines or 15,000 rules to implement it. Sad trombones all around.

Then, a wild DBA appears, steps up to the plate and says he can solve the problem with the power of ORACLE! Few months later he comes back with some absolutely batshit solution that stored the individual octets of an IPV4, multiple nested queries to the same table to emulate subnet masking through some temp table spanning voodoo. Time to complete: 2-4 minutes per request. He too eventually gives up the fight, sort of, in that backhanded way DBAs tend to do everything. I wish I would have paid more attention to that abortion because the rationale and its mechanics were just staggeringly rube goldberg and should have been documented for posterity.

So I catch wind of this sitting in a CAB meeting. I hear them talking about how there's "no way to solve this problem, it's too complex, we're going to need a lot more databases to handle this." I tune in and gather all it really needs to do, since the ingress firewall is handling the origin IP checks, is convert the request IP to video ingress IP, 302 and call it a day.

While they're all grandstanding and pontificating, I fire up visual studio and:

- write a method that encodes the incoming request IP into a single uint32
- write an http module that keeps an in-memory dictionary of uint32,string for the request, response, converts the request ip and 302s the call with blackhole support
- convert all the mappings in the spreadsheet attached to the meetings into a csv, dump to disk
- write a wpf application to allow for easily managing the IP database in the short term
- deploy the solution one of our stage boxes
- add a TODO to eventually move this to a database

All this took about 5 minutes. I interrupt their conversation to ask them to retarget their test to the port I exposed on the stage box. Then watch them stare in stunned silence as the crow grows cold.

According to a friend who still works there, that code is still running in production on a single node to this day. And still running on the same static file database.

#TheValueOfEngineers

My parents are real sticklers for who is allowed to be on Netflix. They only let people on when they are present, and they never click 'save password'.

Me being a poor college student and desperate for the Netflix password, created a fake website for one of my parents to sign into.

How did I do this? I created my own localhost server with a backend database for the password to go to. I then copied the Netflix home screen and log in and asked them to log me into their account.

They said I can be on for one hour, and then they were signing me out.

I agreed to these terms.

As a small twist, I had also copied the no internet tab from Chrome for the page to redirect to. Knowing that once they logged in they would be expecting the main UI.

They logged in and then waited for the page to load. I, of course, put in a delay for the page to load and then displayed the no internet tab. They were confused and asked me to refresh, still nothing. I asked them if the router was out, and they went to check.

While they were away I quickly switched back to the real Netflix website and yelled back saying I got it working again. They came back over and saw that it was asking for a password again. They signed in and saw the main homepage and none were the wiser that day.

Once they left I checked inside the DB and found the plaintext password they typed in... The damn password was so simple, I cursed myself for not having figured it out sooner. No matter, I had my parents Netflix password.

So you're probably wondering how they didn't see the URL above and think something was off?

I pressed F11 and fullscreened my entire browser. They did ask, and I simply replied with, I don't like seeing all the crap up above when I'm streaming. No further questions, perhaps I was lucky.

Worst experience with a higher up?

At an old contract job (around 2013), I was contracted by the company to help guide their developers with me to rewrite their software (it was buggy as shit, they didn't know better.).

So, a month later, we are in the middle of the rewrite and the boss flies in pissed that it's not done yet, he had the audacity to accuse me of stealing contract work with no experience in the area.

I told him flat out, "you don't know what the hell you are talking about. If you didn't hire a JV coding team, you wouldn't need me to redirect your damn rewrite."

He fired me, so I went to his superior and told her the situation. She told me i completely deserved it.

Worse part was I got paid half of my contract. Didnt make that mistake again. 😒😒

Found out later that the company failed, declared bankruptcy. Felt pretty happy.

In the old days switching accounts was as simple as logging out and logging in

Now, logging out redirects you to 20 different pages, doesn't redirect you to the original page, and sometimes it doesn't even log you out

!!oracle

I'm trying to install a minecraft modpack to play with a friend, and I'm super psyced about it. According to the modpack instructions, the first step is to download the java8 jre. Not sure if I actually need it or not, but it can download while I'm doing everything else, so I dutifully go to the download page and find the appropriate version. The download link does point to the file, but redirects to a login page instead. Apparently I need an oracle account to download anything on their site. stupid.

So I make an account. It requires my life story, or at least full name and address and phone number. stupid. So my name is now "fuck off" and I live in Hell, Michigan. My email is also "gofuckyourself" because I'm feeling spiteful. Also, for some reason every character takes about 3/4ths of a second to type, so it's very slow going. Passwords also cannot contain spaces, which makes me think they're doing some stupid "security" shenanigans like custom reversible encryption with some 5th grade math. or they're just stupid. Whatever, I make the stupid account.

Afterwards, I try to log in, but apparently my browser-saved credentials are wrong? I try a few more times, try enabling all of the javascripts, etc. No beans. Okay, maybe I can't use it until I verify the email? That actually makes some sense. Fine, I go check the throwaway inbox. No verification email. It's been like five minutes, but it's oracle so they probably just failed at it like everything else, so I try to have them resend the email. I find the resend link, and try it. Every time I enter my email address, though, it either gives me a validation error or a server error. I try a few mores times, and give up. I try to log in again; no dice. Giving up, I go do something else for awhile.

On a whim later, I check for the verification email again. Apparently it just takes bloody forever, but it did show up. Except instead of the first name "Fuck" I entered, I'm now "Andrew", apparently. okay.... whatever. I click the verify button anyway, and to my surprise it actually works, and says that I'm now allowed to use my account. Yay!

So, I go back to the login page (from the download link) and enter my credentials. A new error appears! I cannot use redirects, apparently, and "must type in the page address I want to visit manually." huh? okay, i go to the page directly, and see the same bloody error because of course i do because oracle fucking sucks. So I close the page, go back to the download list, click the link, wait for the login page redirect (which is so totally not allowed, apparently, except it works and manual navigation does not. yay backwards!), and try to log in.

Instead of being presented with an error because of the redirect, it lets me (try to) log in. But despite using prefilled creds (and also copy/pasting), it tells me they're invalid. I open a new tab container, clear the cache (just to be thorough), and repeat the above steps. This time it redirects me to a single signon server page (their concept of oauth), and presents me with a system error telling me to contact "the Administrator." -.- Any second attempts, refreshes, etc. just display the same error.

Further attempts to log in from the download page fail with the same invalid credentials error as before.

Fucking oracle and their reverse Midas touch.

When you redirect every movie link to XXX links on your rip-off netflix school project and nobody suspects a thing

My friend and I have been debugging this server issue where the server can't find the input file.

30 minutes passed, we checked, restarted everything, still no avail.

When I saw his safari browser, THE FULL URL WASNT SHOWING. The server was working, we just didn't see a redirect behavior because of apple fucking trying to fucking prettify everything.

GOD DAMMIT.

/rant

Meet 'SBI Online' app from Play Store, in their own words:

What they were supposed to do?
"Experience the new Retail Internet Banking of SBI"

What they do?
"SBI online app will redirect to SBI Retail Internet Banking (online SBI) site"

Why do they have app?
"No need to remember URL",
"Less memory space required on device"

App storage space?
F**king 2.6 MB, just to redirect users to their website, in third-party browser.

Devrant is the only Social Media interaction I have been using lately, rather than others. Every time I feel the urge to open other social media apps, I redirect my actions to Devrant.

deadmau5 exclusive on tidal streaming.

Fuck, okay.

*Sign up*

>> enters email, password
>> redirect to different signup page
>> enters email, password
>> redirect to original signup page
>> ????
>> enters email, password
>> redirect to second signup page again
>> ????????????
>> try to login
>> enters email, password
>> nope

>> listen to preview of album
>> please enable flash
>> okay, fuck you, deadmau5.

FUUUUUUCCCKKK, now the websites have new features, where no matter how many time you try to go back from their website, they will redirect back to their SHITTY FUCKING WEBSITE. FUUUUCCCKKKK YOU

When I call another dev and he give me another dev's number and the second one give me another and that one gives another num. :
I feel like "ERR_TOO_MANY_REDIRECTS"

Realizing that the former so-called PHP developers based the entirety of their so-called dashboard framework (self-written of course) on GET requests.

Every. Controller. Only. Accepts. Get. Requests.

It creates stuff? So what! It does update? No matter! It deletes? Who cares!

Just call that URL, and it will release all hell, plagued with multiple side-effects, and then issue a redirect.

Of course that one delete button was inside some twitter bootstrap tabs, and due to the redirect the page always reloaded and the content manager landed on a very different tab. Meaning if they wanted to delete multiple records, they had to hit "activate tab" and "delete" and "activate tab" and "delete" -- rinse and repeat.

It's our *job* to make things easier for our users! Not to waste their time. (Unless you are browser game developer. Then do your thing.)

And we are talking basic CRUD! Basic CRUD! I am not even demanding for it to be restful or to have some parts of a HTML page being updated on the fly with such rad and new technologies like ajax!

There is just question I would like to ask whoever build this: Seriously!?

#7

The former dev tried to implement redirects. He created dozens of routes wich lead to a 'redirectXY' method within the 'mainController'. There he returned a redirect Instance.

😓🔨

TL;DR : do we need a read-only git proxy

Guys, I just thought about something and this potential gitpocalypse.

There is no doubt anymore that regardless of Microsoft's decisions about Github, some projects will or already have migrated to the competition.

I'm thinking : some projects use the git link to fetch the code. If a dependency gets migrated, it won't be updated anymore, or worse, if the previous repo gets deleted, it can break the project.

Hence my idea : create some repository facade to any public git repository (regardless of their actual location).
Instead of using github.com/any/thing.git, we could use opensourcegit.com/any/thing.git. (fake url for the sake of the example).
It would redirect to the right repository (for public read only), and the owner could change the location of the actual repository in case of a migration.

What do you think ? If I get enough ++'s, I'll create a git repo about this.

Websites that redirect you to a custom /404 page after you've typed their way too fucking long URL and misspelled a single word deserve to be nuked from orbit.
Holy fucking shit, why is this a thing? Has this ever helped ANYBODY?

My boss says to me this morning.

Boss: Can you add these links as a redirect 301 to this link.

Me: Ok, I'm not the developer for that domain but I guess I can do it. Let's try to update apache htaccess for that domain through my account.

(After a swift ssh connection to the server to check out that domain.)

Me: Er...boss, we don't own that domain. We cannot redirect it's links to our other domains.

Boss: Why? What do you mean?!

Me: well if we don't own that domain, than it is not on our server and we cannot update it's server config files. So we cannot redirect that domain to our other domains.

Boss: Are you sure?

It went on like this for a while. I had a laugh break after.

I wonder if it's legal to intercept and redirect a drone hovering around your private property..

My mom got infected with one of those stupid you have a virus redirect viruses. Malware bytes isn't useful.
To make matters worse it doesn't redirect in Edge, so she's forced to use Edge until further notice.
It's going to be a long week.

Also I don't have much experience with Windows viruses especially these redirect ones, so yay!

Hell is not enough for people who create scripts that forcefully redirect you, while scrolling.

EAT A SPIKY CACTUS FOR EVERY DAMM TIME I HAD TO HIT THE BACK BUTTON BEVAUSE OF YOU

The layout for my little side project was working fine in IE last week. Made some server side additions over the weekend and now the layout is broken... in IE only. Guess who's putting in a user-agent redirect to a "Works best in Chrome or Firefox" page? 😉

Redirect that crossed my path today

My idiot friend nearly destroyed his install because of me.

He was complaining to me about some program he was running in terminal writing too much lines to terminal he didn't care about.

So I wrote to him verbatim:
"Just redirect the output to /dev/null by running it like ```cmd > /dev/null```.
Or better yet do ```cmd > /dev/sda``` it will be more fun ;)"

Three minutes later I get a screenshot from him where he's trying to run ```cmd > /dev/sda```, but it keeps saying Permission denied. He's tried to use sudo in the screenshot like million different ways.

Thank god he doesn't know how to use sudo with redirects...

I took like 3 years to my company to get this huge-ass client to ask us to remake their website (the client is already our client for other purposes).

The old website was hosted on their local machine, behind a proxy that was there for other 30 website servers.

The old website took like 30-40 seconds to load on a browser and had a google score of 3-6/100.

We made the new website in wordpress, since it was basically a blog and managed all of the older links to redirect to the new pages so that SEO wouldn't get affected.

We then asked the previous developers to let their domain redirect to the new one (it was like example.com => ex.example.com and now it's just example.com, so we needed them to make ex.example.com redirect to example.com).

What they did was making a redirection to the 404 page of the new website, making everything go to fuck itself.

Damn this might be the first time I despise other developers, but this move was fucking awful.

I mean, I get it, we stole your big client, but it's not our fault if we made the google score go up to 90/100 in a week just by changing server and CMS.

Get an email from a client, who has been stringing me along for about 6 months, but ringing me up for advice on tonnes of different shit for free. Basically did his original website but his business model has changed to make his existing site irrelevant. Suggested months back doing a simple one pager as a stop gap with key messages. The bastard said no to that "just take it down for now and redirect to my LinkedIn page". He keeps saying we are getting stuff together and we hope to get together in September. However, yesterday he sends an email "we are getting a student in over the summer (not a Dev or designer or anything). Could you recommend any "web builders" so we can get on with the website in August. By that he means those drag and drop fucking pieces of shit website templates full of wysiwyg editors for creating shit typography. I give them free help and guidance and they think that I'm not going to want to smash him in his fucking face for his last email. The cunt.
I have an idea for 'having the last laugh' but I am open to suggestions from some devRanters, all legal of course.
P.S. I post quite a bit here about shitty clients, but I do have a number of really good clients who value my work and experience and have been with me for many years. It's just some that treat the profession with disdain and that they can easily do it themselves if only they had the time. These fuckers then wonder why their businesses fail.

We are required to use corporate SSO for any authenticated internal websites, and one of the features they require you to implement is a "logout" button.

They provide a whole slew of specifications, including size and placement/visibility, etc. They provide an SSO logout URL you must redirect to after you take care of your own application logout tasks.

Makes sense... except the logout URL they provide to serve the actual SSO logout function broke over 3 months ago, and remains non-functional to this day.

Apparently I'm the first person (and perhaps one of the only people) who reported it, and was told "just not to worry about it".

So, we have a standing feature request to provide a button... that doesn't actually work.

Corporate Security - Making your corporation _appear_ more secure every day...

Fucking Square Enix Website is just a huge pile of shit. NOTHING WORKS!

Wanna change your password? Nah sorry an error occured.

Wanna change your username? Nah sorry I'll just show you a loading symbol forever.

Wanna add a game to your collection? Nah sorry the "add" button is on fucking holiday and doesn't do anything.

Wanna change your avatar? Nah sorry I'll just redirect you and don't do anything.

Most amazing part is where you log in, then get redirected to the home page but it still shows the "Log in" button. Then you click on that "Log In" button and wosh! Home page reloads and tada! You're logged in!

Seriously who let this code into production? Also I know that you're using GraphQL now, due to an error message. Thank you!

Fucking bullshit...

Oh boy, this is gonna be good:

TL;DR: Digital bailiffs are vulnerable as fuck

So, apparently some debt has come back haunting me, it's a somewhat hefty clai and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it jsut like that. However, and this is where it's gonna get good:

The Bailiff sent their first contact by mail, on my company address instead of my personal one (its's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were passed sending creds in plaintext to people and use tokenized URL's for initiating a login (siilar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.

So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!

This is a clusterfuck of javascript files that do horrible things, i'm no expert in frontend but nothing from the homebrewn stuff i inspect seems to be proper coding... Okay... Anyways, we keep pretending we're dumbasses and let's move on.

I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.

Now Once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimaint, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!

Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...

The GDPR requirements.. .they comply to none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.

But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the sae benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. the siple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.

So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)

So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"

So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones

!rant

I've seen some rants about people complaining about websites using the 'www' subdomain, so I'd like to take this opportunity to try to explain my opinion about why sites might use it.

I use to feel the same way about not having the www subdomain. It felt like an outdated standard that serves no purpose. But I have changed my option...

Sometimes certain servers have other services running other than just the website, such as ssh, ftp, sql, etc., running on different ports. What if you want to use a web proxy and caching service similar to cloudflare or a cdn? We'll you can't, because they won't allow traffic to flow through to your other ports.

That's where the www subdomain comes in. Enable your caching and cdn on your www subdomain, and slap a 301 redirect from your primary domain on port 80 or 443 to the www subdomain. This still allows you to access your other services via the domain name while still gaining the benefits of using a cdn.

Now I know you could use an 'ftp' subdomain or the like, but to each their own in that regard.

One of my websites is under a brute attack.

If I were to redirect failed logins to an illegal website (drugs, child pornography, terrorism support, etc...), will the feds come after me? Or will they go after the attacker?

What do you do when your redirect doesn’t go where you tell it?

Clearly I’m missing something.

I stepped through the code, following the failure path of Sheogorath’s Recaptcha. It fails as expected, and hits this redirect before doing anything else:

`return redirect_to new_user_session_path`

I verified that this redirects to the “/users/sign_in” path, and it returns so the server doesn’t even try to authenticate the user. It just nopes out as it should to prevent timing attacks.

But somehow instead of doing that and redirecting as it should, it signs the user in and redirects somewhere else entirely: the role select page, which only happens after authenticating an admin user. It never even hits my breakpoint after the recaptcha check! It never authenticates!

I think what I’m missing is my old reality where things made sense.

Hey, what really makes me want to download your app is when you redirect me to the download screen of it when I'm in the middle of a task. That's great. Keep doing that.

I always use this quick redirect function on my projects:

function go($location){
header("location: ".$location);
}

Here’s how my Friday night is going:

def signin
if should_not_sign_user_in?(stuff)
return redirect_to :nope
end
# signin logic
end

The guard says I shouldn’t sign the user in. It logs the details of why. I read the logs; they’re all correct. It logs the return value, which is false, and the user gets signed in anyway.

Wat.

There’s a return and a redirect there!

This is only happening on the QA server, too, so something fishy is going on.

What the fuck Microsoft !! Your android apps are total piece of shit! Fucking outlook Android app don't have support to view doc file which is created using your shitty Microsoft teams portal.

If I click on that doc file link through my outlook app, you redirect me to chrome.
Ok that's still acceptable. But the real shit starts now. You tell me that your browser isn't supported! Is this fucking joke?? Who in the world develops a website which can't support latest version of Android chrome?
Now that I have installed your shitty Microsoft teams app, it doesn't show up in "open with" options. Clicking on that link is still redirecting to the chrome saying that browser is unsupported.

Also, your shitty Microsoft teams app can't edit fucking doc file. When I click on your Microsoft word icon, You again ask me to install Android app for Microsoft word.
Seriously fuck you Microsoft and your shitty apps!

Just did something hackerman-ish! 😎
Since a lot of new iPhones are out after the XR, Apple "removed" the page for iPhone XR and redirect to the /specs page. I tried adding /index.html to the url and tada! :D hahah "I'm in!"

Any other ways I could've gotten to this page? I was going to try the sitemap and the web archive.

That moment when you click a Google link at the same time your code finally launches your app ... and you say "Hmmm, how did Google redirect me to localhost:8000?"

So some asshole keeps sending phishing emails to every student and prof in our university and the IT department is too pathetic to block it. They all come from the same email and contain the same text yet they cant filter it and just send warnings not to click it.

Im getting sick of recieving 5 of these a day, i scanned and viewed the page and its just a simple form copying the outlook login page with a redirect to the actual page after submission.

Whats the easiest way to write a script that will spam them with thousands of fake accounts? How can i fuck with these guys?

I suggest that .c0m should always redirect to .com

Change my mind.

Spam assassin kills most of the spam I get before I see it. It works pretty well. However, I started getting a fuck ton of spam from some asshole on a Turkey server. You cannot forward spam to the gov anymore so what to do (They use a honeypot. Apparently it doesn't catch everything.)? Well I got the abuse email account address for the server. Then I went into my servers spam filter for the email address I am having issues with. Then I redirect the email to this abuse email address. Then I delete it from the server. This makes it so my email client never sees the message and I automagically notify the abuse account. If the abuse account is owned by the spammer then he is just filling up his own server with shit.

Anybody else have fun or interesting ways with dealing with spam the regular filters don't catch?

So let's talk about CNAs, Captive Network Assistants, these downsized browser that open on Smartphones when you try to login to a free wifi which requires you to buy sometging or accept some terms.

I fucking hate them. I'm a web dev which has to deal with these dumbfucks.

Back in the time, there was this dumbfuck who had the idea to capture http requests on network level and response with a redirect to his own landing page. Fuck this guy. Then some dudes had the idea of the CNA as a privacy security feature. A good idea. But also this guys: "hey, let's make them a huge pain to develop for".Fuck them, too. But then came the companies saying: "hey make us a huge SPA with all features we can think of for this fucktard of a browser."

I hate fucking CNAs

Old unused military satellite to make international calls free. Local tv station to leak episodes. 4500 hosts zombie net with autoreplicant bots that scans for vulnerability to populate the net to do distributed denial of service attacks. Jumper on the neighborhood cabin to redirect the school's call for being absent, an older friend pretended to be my father.

You never know pain untill your website redirect is working on edge and not chrome... Yet it's all google hosted...

*Eye twitches*

When writing code that has to be evaluated by a college prof, redirect all the best practices to /dev/null

Yesterday I helped in a college final project. To be done using PHP and MySQL.

- they were taught to create a login page and when submitted just check the values against username and password from DB table and redirect to a dashboard page. No session created.
- in the dashboard, session is not checked. Shows links to other pages.
- each page is a separate php file
- the app allows users to issue books to customers. They were taught to delete the book from book table and save all the info in issue table, when a book is issued
- when a book is returned, book info is saved in a return table and also saved to book table again and deleted from issue table

I asked this student to change it to the right way, to use sessions and includes. He said that then the lecturer would know, he didn't do the project. It's a diploma level course.

MOBBING DICTIONARY - 2 -

Sentence
(behind the back)
- he/she has no time, don't tell him/her these problems, don't speak with him/her, just speak with me

(explicitly)
- you have no time do this!. Let me/somebody else do it.

Purpose
- cutting the target out from the rest of the team. Redirect all communication in order to shield the target.

Result
He/she will loose the general vision. He/she will not understand anymore what the problems are. He/she will loose relevance and will not be able to manage his/her own time anymore.

He/she is probably working a lot, and doing a lot of effort. He/she will probably know how to use the time, and he/she needs the team to help with task no take the task out of him/her.

He/she will slowly burn out, specially if he/she discover that such things are happening behind his/her back.
The situation will add psychological problems to technical problems. He/she will be crushed to death.

Google documentation sucks!

Lack of practical examples. They show us very simple example like clicking on button and then straight away redirect to API docs.
Wait, let me at least understand how things fit in together.

Me: Hey google where is step by step guide, at least for setup?
Google: We don't do that here!

What the f*ck Microsoft, you made me go trough whole shitton of troubles just to play a music into microphone so I can play music in VRChat while pulseaudio in Linux can redirect the audio without any hassle. You total piece of shit!

About 5 years ago I worked at a small company developing websites and .NET applications.

They haven't changed any passwords which means, I still have access to ALL of their customers DNS setups.

Of course I wouldn't do anything.

But just the thought, that I could make an infinite loop, by redirecting the domains, is amazing.

Or redirecting them to a porn site.

A Client's hotshot webmaster just asked us to provide a JavaScript 301 redirect script for a CMS we don't own/have admin access at all.

"Must be 301 style for SEO benefits... "

So, hows your day going? 🤣🤣

if($user->dead()){
$user->redirect('heaven');
}

I used to work in a Tech Support department where everybody was constantly pranking each other.

In one of the iterations of such events one of the guys actually forked the source of a login page, in one instance of the app that was running in a VM, and edited the code so it would redirect the user to a lemon party'ish website.

It was quite an upgrade to the old M.O. where people would just email themselves messages with seemingly bureaucratic call to actions containing hyperlinks to the same lemon party'ish websites.

And the most direct approach, which is to type those directly into one's browser if the laptop is left unattended & unlocked due to a trip to the toilet.

Our Joomla-based site just got a redesign. The developer who did it did something wrong. Articles no longer are attached to their parent categories and are now all referenced at the root level in URLs.

I pulled up the 404 log and now see that some website or bot or whatever is hitting up each category for each article, which screws with our SEO 404 report in Google Search Console.

Which means I have to find a way to programmatically redirect every article within every category "up" a level to the root where each article is now found.

And I have no way of knowing which article belongs to which category anymore. Even if I did, a test shows that articles attached to categories still want to come up at the root level, not in their categories.

Joomla is G.A.R.B.A.G.E.

When you're web scraping and the site suddenly redirect their url to their second site so your codes becomes useless.

For all the cheap-ass sys admins:
I wouldn’t pay 100$ a year to apple just to have push notifications when my server fucks up or an user fill my support form but I want to know that in real time but I have iPhone(forget about FCM).

So I downloaded pushbullet to my phone and integrated its API in my server and when something important happen I get completely free notification which (thanks to url schemes in ios) redirect me to my server administration app.

Note: I used xamarin for my management app to be ready for the moment when I switch back to android.

Webdev, I should send a form to a site that gets the results and redirects back to the webpage that stands in an invisible form data (very weird!).
Okay, I did...
When I was finished the site didn't redirect to the URL I gave in the form, instead it showed parts(!) of the webpage's HTML.
Okay, I was a little bit surprised and mailed the dev of this weird thing. He answered with this:
"In this Internet thingy, you know, URLs start with 'http://', it's the newest shit!"
Holy shit! Is he serious!? Who the heck programmes such a site that needs a 'http://' in the beginning? (Does this guy know about https?)
And why, why!?, did it show contents of the target URL's site if you give it one without http!?

I, I will go now and get a mild tea, yeah...

414 rants since your last visit,

Alright devrant, here we go.

> client adds a home button to the subdomain
> asks to add a feature from which user can come to the homepage of subdomain
> naturally, add "/" in the href of the home
> client gets frenzy
> "that home button was supposed to redirect users to the main domain"
> I'm like wtf bro
> anyways adds another home button to redirect to the home of the subdomain.

now let's see how confused the users get

Bruh, imagine paying taxes for a site that literally throws a cryptic error message, instead of telling you "Page not found", because those retards literally redirect to /Account/Login after successfully logging in.

Even better, most people here are don't understand English well enough to understand what is going on.

And I pretty much doubt an admin has been informed...

Literally redirect domain name to heroku app.

Let me rant! I don’t usually do this but this is just frustrating and draining. Please tell me if im wrong. We have authentication that needs to be refactored. I was assigned on this issue. Im a junior btw. I also attached an image of my proposals. The issue of the old way of our signup process is that when validation fails they will keep on accepting the TaC (terms and conditions) and on our create method we have the validation and creating the user. Basically if User.create(user_params) create else throw invalid end. (Imma take a photo later and show it you)which needs to be refactored. So I created a proposal 1. On my first proposal I could create a middleware to check if the body is correct or valid if its valid show the TaCs and if they accept thats the moment the user is created. There is also additional delete user because DoE told me that we dont need middlewares we have before and after hooks! (I wanted to puke here clearly he doesn’t understand the request and response cycle and separation of concerns) anyway, so if middleware is not accepted then i have to delete the user if they dont accept the TaCs. Proposal 2. If they dont want me to touch the create method i could just show the TaCs and if they dont accept then redirect if they do then show form and do the sign process.

This whats weird (weird because he has a lot of experience and has master or phd) he proposes to create a method called validate (this method is in the same controller as the create, i think hes thinking about hooks) call it first and if it fails then response with error and dont save user, heres the a weird part again he wants me to manually check on each entity. Like User.find_by_email(bs@g.com) something like that and on my mind wtf. Isnt it the same as User.create(user_params) because this will return false if paras are invalid?? (I might be wrong here)

This is not the first time though He proposes solutions that are complex, inefficient, unmaintainable. And i think he doesnt understand ruby on rails or webdev in particular. This the first time i complained or I never complained because im thinking im just a junior and he hs more experience and has a higher degree. This is mot the case here though. I guess not all person who has a higher degree are right. To all self thought and bachelors im telling you not all people who went to prestige university and has a higher degree are correct and right all the time. Anyway ill continue later and do what he says. Let me know if im wrong please. Thanks

I love tracking down the source of a redirect!

5 hours later....

This asshole is out of his fucking mind if he thinks I am going to waste my Friday night waiting around to update a URL on the employee intranet.

News flash if it’s a tool people use everyday they have it bookmarked. No uses the fucking employee intranet because it’s old and it sucks.

You get a list of the users and email them telling them of the update if you are too dumb to figure out a redirect.

I just remembered that 2 years ago I found an open-redirect vulnerability in one of Google's old pages.

I decided to not submit it to Google because it's too much effort (even though I knew they pay for these things) and told about it to a friend who deals with these things.

I was SO. DAMN. STUPID.

So, it's been a while since I've been working on my current project and I've never had the "luck" to touch the legacy project wrote in PHP, until this week when I got my first issue.

And damn, this goddamn issue. It was a bug, a very strange bug, that only happens in production and that nobody has any idea what was happening, so yeah, I didn't have anyone to ask and I got less time than usual ( because Thanksgiving ).

And thus, I have no starting point, no previous knowledge on PHP and less time! I expected a very fun week 😀 and it was beyond my expectations.

First I tried to understand what might be causing the issue, but there wasn't any real clue to star with, so no choice, time to read the flow on the code and see what are they're doing and using ( 1k line files, yay, legacy ). Luckily I got some clues, we're using a cookie and a php session variable for the session, ok, let's star with the session variable. Where it's that been initialize ? Well, spoiler alert, I shouldn't start with that, because my search end up in the login method of the API that set a that variable and for some reason in the front end app it was always false and that lead me to think that some of the new backend functions were failing, but after checking the logs I got no luck.

Ok, maybe the cookie it's the issue, I should try open the previous website on the brow...redirect to new project login, What? Why ? I ask around and it's a new feature push on Monday, ok I got Chrome Dev tools I can see which value of the cookie it's been set and THERE IT WAS it has a wrong domain! After 2 days ( I resume a lot of my pain ) I got what I've been looking for, so now I should be able to fix the bug. Then where is the cookie initialized ? In the first file the server hits whenever you tried to enter any page of the app, ok, I found the method, but it's using a function that process the domain and sets it correctly? wtf ? Then how in heaven do I get the incorrect domain ? Hello? Ok, relax, you still have one more day to fix this, let's take it easy.

Then, at the end of the Wednesday, nope I still have no clue how this is happening. I talked with the Devops guy and he explain me how this redirection happens and with what it depends on, I followed the PHP code through and nothing, everything should works fine, sigh. Ok I still have 2 days, because I'm not from US and I'm not in US, so I still have time, but the Sprint is messed up already, so whatever I'm gonna had done this bug anyhow.

Thursday ! I got sick, yay, what else could happen this week. Somehow I managed to work a little and star thinking in what external issue could affect the processing, maybe the redirection was bringing a wrong direction, let's talk with the Devops guy again, and he answer me that the redirection it was being made by PHP code, IN A FILE THAT DOESN'T EXIST IN THE REPOSITORY, amazing, it's just amazing. Then he explained me why this file might be missing and how it's the deployment of this app ( btw the Devops guy it's really cool and I will invite him a beer ) . After that I checked the file and I see a random session_star in the first line of the code, without any configuration, eureka ! There was the cause and I only need to ask someone If that line it's necessary anymore, but oh they're on holiday, damn, well I'll wait till Monday to ask them. But once and for all that bug was done for ! 🎉

What do I learn ? PHP and that I don't want any more tickets of PHP 😆.

This literally happened in my current team, and I'm not even an experienced dev yet.
Incident happened like this :
Our team is working on a RCP based on eclipse plugins, which has a headless mode and a GUI mode. Now, in the GUI mode, my manager cum architect thought there are no need of user log files (long story) because the user can see the info on screen, whereas in the headless mode, she wanted me to print the logs onto the console and a log file as well.
Now it just so happened that our team had got a recent addition as a replacement to our lead developer (she left the company) who claimed she had 3 years of expertise and a masters degree, and she was assigned a task. The task was to format a custom file we were generating out of the product (basically dumping info in a file) in a human-readable format. Miss new-addition-masters-degree decided it would be a very good idea to redirect the standard java output stream to a file output stream ( which she used for generating the formatted file ) but somehow never realized that she needed to reset the output stream back to standard output.
Consequences were devastating. I wrote the logic for the logger ( yes, apparently any available logging mechanism won't do it, again, long story ) and had it printing to a file in tmp directory. The logs seemed to be working fine initially but after a few logs, specifically from the point where the formatter started working, all the logs got printed in the formatted file. And this file was supposed to be used by our clients to develop something on top of it. Naturally, I got the heat of it and then naturally, worried and nervous and curious and in a frenzied state of mind, I started debugging.
When I got to the actual fault, I seriously could not decide whether to cry or laugh or call up miss masters and scream at her. I decided to ask her about what the hell she had written and her answer was most of it was written by the developer she replaced, so she didn't know it would cause this much problem. Anyway, I fixed the leak after that and averted the catastrophe.
And that, fellow devs, is the story of how I solved a crisis in my first year at corporate.

This weeks question fits me well, as I am still unsure about the full details of how the fuck this all came together and was about to just rant about it anyway.

Ever since this companies network equipment and cabling has been updated, a lot of vital tools went down and bug out every now and then, at seemingly random times.

The codebase is a horrible mess to begin with and random things execute at random times and at random places spread all over different resources that get random hooks from random physical values etc.

Turns out (or at least what it so far seems like) all of them somehow sync their clock and other variables based on how many (valid-?) requests it gets per measured time and similar oddities, so when the network equipment got updated, that meant that multiple processes now could reach each other much faster and therefore threw off thousands of values and internal clocks.

There's a total of like 600 systems that are all "separate" from each other but all need to communicate in-sync for the production chain to properly work. Thankfully I didn't sign anything yet, so might actually just redirect them to somebody else, I am not ready to age 20 years, even for the amount that would pay.

Welp, who wants to see my first website? tiny.cc/copo
It was made almost entirely during english class, for blocked games. It's the most hits I've ever got one a site I've made. But the best part? I achieved my goal: respect from the teachers. And why did they respect me? *Because it got blocked*. Yup, across the entire county (our county is one of the top five in the USA for schools I believe). We, as the students, found a way around the teacher's technological control, and finally got some technological freedom. Just a small story.
P.S. not named by me, and sorry bout that JS redirect. I redesigned it while I was supposed to be writing about the theme but the original is couchpotato not cppremium. I can't change it now but I'll change it later. I trust you guys know how to stop it without me changing it though :)

Modifying .htaccess for WordPress multisite so that my custom url(slug) will redirect to wp-login for security reasons.
It is like performing a neuro surgery where the slightest of mistake will get u paralyzed.
I have already reached a vegetative state..
I wonder what more damage I could do? FML.

I'm thinking about creating a central login system for all my websites, where you get redirected to and then login/sign up and then be redirect back. A bit like oAuth.

I have a few websites (and more in development) that use a login system, so that could be really useful to have... Especially because all of them are built from scratch and have their pros and cons. And security wise it's easier to concentrate on one system instead of all of them.

Another benefit is that you save some DB space, if you have lots of users!
And of course the users benefit from it as they'll be able to use all my websites with a single account.

What do you think about it?
I'll still need to do a bit of research on security but other than that, I only see benefits!

!rant but wondering,
this time I did not get my self blocked out of my server lol
But I have set up nginx to receive url then redirect to another server, my question is:

I ran tracert on the url but it ended on the nginx server, is there a way I can find out if my nginx IP is forwarding?

I have a webservice on server z, and nginx on server x, tracert end at server x, so does dev tools in chrome/firefox they show host ip header as server x. Is there a way where I can trace my call to server x if it is forwarded to another server?

I know I'm forwarding it, but if someone wants to know, can they?

I'm not the product manager. I'm not the leader. I'm not even in a lot of meetings. Why my colleagues ask me about product/development decisions?

I appreciate they about wanting to know my opinion, but when they come in a rush it is a bit stressful.

And I am not paid for that.

It might sound about selfish, but the reality is I am not one of those roles (and my salary neither) to avoid exactly this.

Whatever.

At least I can redirect them and not lead with the sublaying reasons of the doubts.

I'm confused... where am I supposed to be going again?

if (userInfo.isAdmin) {
return (<Redirect to="/my" />);
}

if (userInfo.isSuperUser) {
return (<Redirect to="/my" />);
}

return (<Redirect to="/my" />);

From today, I'm gonna post infrequent-devLogs of the project i am currently doing, I have been thinking about it the past couple of months, and I am finally moving it into action!

I wish writing devLogs will make me to finish the project, at least a working prototype.

It is a C# block coding application that is made in 100% C# that generates human-readable C# code for C# begineers.

If you want to follow me along, make sure to subscribe to my rants by going to my Profile (cozyplanes) > More icon in top right > Subscribe

All devLogs posted directly via devRant API integration from CZedit, a simple edit program for geeks

=========================

devLog #0 - Block coding in C#

Done:
- Made the console output to redirect to textbox
- Ability to save output to external storage

WIP:
Compile C# code directly at runtime with Roslyn

Notes:
open-source??

I feel like crying because I couldn't configure ERPNext on windows (Virtual Box). Damn thing showed this error "Already Registered, There were problems" and redirect me to homepage.

Hate this when there are no error codes or no proper documentation.

Tried every possible solution in past 4~5 hours. I'll sleep

The old method of how to deal with semi close friends needing support still works:
1) Redirect their call to voice mail.
2) If the mention computer problems, ignore them for now.
3) Call back in at least 4 hours. By then, they've probably solved it using Google.

(Why "semi close friends"? Because if they're close, I take their calls and if they're not close, I'm not their free support service. And if they're close and want a lot of free labour, they'll soon find themselves distant.)

OK.... I don't mind ads but when I'm on a mobile device n you just redirect without opening a new window...

You leave me no choice... You just earned 100% IP level blocking.

!rant

Anyone here experienced with Route53?

I have a small issue I'm trying to think through on how to achieve with minimum effort and maintenance, essentially set once and walk away and never care about it again solution.

Basically what I have is:

sub.domain.com

and I need to get it to redirect over to

otherdomain.com/folderToGetTo/

Using a 301 would be ideal but how for the life of me do I go about serving a 301 redirect over a dns entry - short answer is I can't unless I'm missing something!

Both domains are owned by the same company so no issue in hijacking a subdomain... well besides internal politics but that's just another day 😏

First thoughts include setting up a S3 bucket with hosting and forcing the dns to that and then, redirect out of the bucket... seems overkill but will work.

Hoping to find a smaller solution that I don't have to justify a S3 bucket being used for a single file - audits suck alright🤷‍♂️

Oh and setting up a redirect at the originating domain will take longer then it's worth to setup and get approvals for so not worth the effort internally.

Yes I will accept "fuck off @C0D4" as an answer.

it was the last time i used PHP for an school project. i and an other group decided to make an website. it was luck that no input was required. Because i already knew PHP and HTML i need to help them. the code they made was the cause i quit php. the site only worked after an redirect. it was irony that tje code looked like it was written from a junkey and the theme was drugs.

=\

Wanted to share a devrant post to a non-dev friend. Sent URL link. His phone sends him to the app store to download devRant. Can we not?

!rant

I don't know if we already had a weekly rant about petty revenge or anything, but I did just pull some petty bullshit maybe 30 minutes ago.

A couple people I know are trying to start a clothing brand (think I posted something about it on here before) and asked me to build the website cause one of them found out I write code. (Well, he asked if I was good with computers and I told him that I am, and he basically said "you're building our website then")

Basically these people are..not good people. One of them has a history of sexually harassing girls (some of which are really close friends of mine), the other one is basically following in his footsteps. They also like to go to the parking lot of an elementary school (the one that my little sister goes to actually) and get high.

Both of them have fucked me over at some point in the few years I've known them. And so now my silent indirect petty revenge begins. Earlier I bought the domain name for the online store they're trying to (make me) build. Considering having the site redirect to a gay porn site.

One of them is currently getting into shit having to do with drugs, which is not my doing, but I can probably find a way to get them into trouble. Especially the fact that they're doing drugs in the parking lot of an elementary school. That shit's just fucked up, no exceptions.

Anyone have any suggestions for shit I could do to them?

Every once in a while, I find myself having to redirect both stdout and stderr to a file (or to stdout) in bash. Every time I have to Google it.

somehow the time period of 3-6 months is the burning point for me in every company. previously i thought its because i was an intern or i was at college, but now all thee factors are removed, i am an sde1 but still feeling exhausted.

initially i was treated as company's favourite kid. 2 different seniors would assign tasks to me , those tasks would be very straight forward and they would be like "hey ywtf , your task is this, this will make cause this behavior. you have to check file abc line 111 and change this value to this."

everything was a breeeze. but slowly the independence came. I got enrolled to a jira board. i started getting tickets for totally random parts of codes that i never touched before. my senior had left, so other guys and tech leads were my only hope. they would explain me very briefly about the old code only, like say i had a task on payments, then all i would get to know will be what our payments systems are and which folder to check (a folder could have 15-20 files).

moreover my code was rarely checked before merging. so if qa said my code's working fine, it will get merged. Our QAs are idk good or bad, but it has always been like, the bugs for a particular task in a particular sprint are being identified and raised at 3 or 4 sprints later.

I am feeling extra responsible and unsupervised. We have these streams where i am one more guy( whose senior than me, but does not behave like senior at all) are the only 2 devs for mobile.

I used to be happy picking tasks of various unknown sections ,like payments , authentication, architecture etc, but now i feel scared because i am going to work on a task for 10 days and then i will be responsible for this forever. they would redirect all bugs and tasks related to that feature to me, the guy who gained knowledge about it by random exploration and without supervision.

and all of this is making me feel shit. i need some fucking relaxation

i might not have ssh access to live instances but i can redirect live traffic to test instances and debug my shit there!

... no but i really do that

Logging into my schools blackboard using selenium is only redirected on school WiFi

Outside school WiFi I go directly to the site. But on the school WiFi it pauses on a redirect page with a link that loops back to the redirect when grabbed by selenium And selenium fails

Fucking hell

>finally gets around to installing vsftpd on home server RPi
>doesn't work
hmm.mp2
>configurating
>confusing as fuck template documentation
>man page isn't much better
>gets it working
>goes to log in
User: pi
Password: a
(What? It's a home file/command server isolated from the Internet. Sue me.)
nope.avi
>why
>tries again
nope.svg
>FUCK
>sees small raw-command log in bottom-right of phone FTP client
hmm.flac
>tries again, watches log
PASS *****
>the fuck
>goes to change user pass over SSH
# passwd
"Current password?"
about half a second later
"passwd: auth token manipulation denied"
>the delay tho
>WAIT A SECOND
one time i got past some parental software bullshit on a tablet by abusing the delay between opening a banned app and the redirect to the normal software at like age 7. (Doing so let me enable remote wipe through Google. bye bye software!)
>*inner 7 year old has autistic screech*
# nano temp
a
abcdefghi
abcdefghi
^O Y ^X
# passwd < temp
>fucking works
>logs in to FTP server successfully
>does the one file download that was needed

why and how did that fucking work

I hope there's a special kind of hell for project leaders / execs that make the decision to take down the documentation for older versions of a software.

I know we should have upgraded a long time ago, but come on. I have no clue what's going on now, and not much to go on either! All the documentation links in the configurations just redirect to the project's github repo, and I sure as hell am not going to read the whole source code just to find the possible logic behind the issue!

Ugh... Days like this frustrate me so much...

Google's Testmysite is piece of shit.

Tested website got 6-7 sec, then built Mobile page and set redirection for mobile users.

Tested Mobile page got around 3-4 sec then tested homepage (which just redirect Mobile user to mobile page) it got fcking 6-7 seconds

FCK you Google, page redirection should not be considered in YOUR FCKING speedtest.

Bug Report:
Collab link posted in Rants doesn't redirect to Collab posts.

Am I missing something here? Lets Encrypt auto renews SSL every 90 days....BUT it will fail if you have .htaccess re-direct set up to https. So you would have to switch off the https redirect, manually renew, then switch it back on again. Thats fucking crazy. I can’t find a way round this. The hosting co set this up but are encouraging people to buy one of theirs when the renewal fails. a cunning plot to get more of their own SSLs. Any ideas?

Hey, privacy guys, I've recently decided to switch to DDG, and I just came across this DDG browser addon. It promises things like
"block all the hidden trackers", which is what AdBlock can also do, "force sites to use an encrypted connection", which makes no sense since most websites using https will redirect to https automatically, "Search Privately", which is already supported by them without installing the add-on, and "Decode Privacy Policies" which is the only feature that seems to be useful. Should I use it?

fuck the overengineered bulshit that ZF2 is... fuck crappy mvc in web, fuck shitty design, tuck events, fuck 'security feature' that obfuscates the fucking redirect login/logout urls fuck not having your full link, but just the path everywhere, fuck whitelabeling, fuck somebody's sister, fuck me and fuck you....

Ever mistype a 301 redirect?

A friend asked me a few days ago if I could maybe be interested in making their small company a website and accompanying CMS, because none of the out-of-the-box solutions seem to suit their needs. I agreed to think about it - at least let's see what the requirements are and so on, and see if I could and should do it or maybe redirect and point them to a better direction. Always help a friend in need is my motto. And to clarify, with these people I can be sure they're not considering this a friend favor (i.e. doing something for free, or for really cheap), but these people tend to be willing to pay relatively well.

But to the question: I've never done freelance work on this field - I have absolutely no idea how to evaluate the value of my work, e.g. how much should I ask? And what are the things I should take into account and think of differently versus being on full-time payroll in some company?

Visual Studio Code is a joke.
it's always auto update but always fail and then delete itself.
When i ask what happened or post a discussion on the official site they close it and send /redirect it to fucking different issue like changing language code or adding extension while the real issue about auto update failure is ignored or discarded/deleted/closed without solving anything

I need help to share this to everyone until they fix this shitty perfomance

ps: i always need to redownload that fucking visual studio code everytime it has update

Clicked on a apple podcast linked in Gmail on iPhone, which sent me on a redirect journey through time and space, by the time I am back to reality, peace has been restored in Narnia.

So today I thought to polish things on a former colleagues code. I noticed he wrote JavaScript inside PHP file to redirect header to another URL. I don't know what the fuck he was thinking. Why didn't he used PHP Header to redirect the URL why JavaScript?

I despise news sites that redirect you to the mobile homepage instead of just showing you the article you actually clicked on

Oh god I just experienced the horrors of returning 301....

Thank god it's not on production yet...

I spent hours setting up Laravel Valet on Ubuntu (virtual hosts with a custom TLD) e.g myproject.dev

I just found out why it was not working. Because fucking Google bought 100+ domains in the .dev gTLD and added them in Google Chrome Hosts as well. Now they redirect the url automatically to HTTPS.

Any ideas on a new test development TLD?
I was thinking .fuckgoogle but that's too long

How do you guys perform program tests or build your test env? Like redirect writing sqls towords private tables whilst keeping reading sqls towords to general test tables

I like to teach sites that don't escape HTML/js in input fields a lesson, and put in a redirect. Where would you redirect them?

I tend to go SFW, like redirecting to a competitor or the NSA.

I have a question regarding file redirects 2>&1 and 1>&2. I know that file descriptor 1 is std o/p and 2 is std error and that we're redirecting one file descriptor to another.

But why do we do it? What are their use cases? Wouldn't the file to which redirection is setup get too clunky?
Analysis of the file would also become a bit difficult. And wouldn't having errors stored in a separate file make it easier to interpret and fix them?

Just read that if you try to access stackoverflow.com/admin.php it will redirect you to a funny youtube vid

I recently received a text to a sketchy URL. In my curiosity I tried to see if I could get the source code from said URL without actually going there directly.

My first attempt I did this with apitester.com, a website that is intended for testing APIs but comes in handy for a quick URL test and seeing what gets returned. Next, I tried an official website dedicated to telling me if a site is sketchy. Finally, I tried to CURL the url with a variety of different headers. Alas, all these attempts gave me nothing. I know if I clicked on this link through my Phone it would definitely direct me to a sketchy website, but I just can't for the life of me figure out how their backend is setup to know what is a real request and what is not.

My Question is this; what is the potential stack setup that this person could be using that would disallow anyone from testing the URL and force them to redirect to google and any real request to redirect to the actual website?

When your redirect url passed as get parameter to 'secure' the login you pass bade64 envoded string with path, length and (salted) md5 hash ....

why God why you secure a redirect you do 302 to on success

Trying to explain to (a more experienced) dev why it's not a god idea to do a exec( php '/var/www/xxx >> /dev/null) and then redirect the visitor.

The script is running a query that take some time and he want's to redirect the visitor and then fetch the result with jquery.

Tried to explain parent and child processes and pointed him in the direction with pipes and bakground process. After some discussion about forking and all the cons with that.

yes its PHP ;)

Gonna be exiting to see his next idea :S

No, sorry you can't get a torrent link of the new version of the torrent client. But, we're happy to redirect you to our website and then reopen that client once we're done.

Fucking hate to explain basic shit to computer illiterate. Usually I don't mind, but right know I working on the project, want to automate one thing I need to do every morning, put two numbers to web page(I will explain details maybe in next rant). So I am only one who fix, buys computers, printer(for some problems I call for other repair man.). Generally speaking working as IT guy. Firm has like 50 computers, some of them has SCADA software. Some computers have Win 7, some win 8 and others win 10, can't upgrade those computers, not enough money(I can deal with this problem). And yes, computer buying is not the fastest, easiest thing too. Because is public firm, I need to do public buying(I don't know how to translate to english), and most of the time wins the lowest price, I am ok with that. But I can't on item specification write I want that model pc or it components. Example: I can't write I want intel processor, however I can write number of cores, frequency. But it's not that bad, usually i have template for all things I buy. One of the worst thing is this, our firm bought new bookkeeping software version, old version was using visual foxpro framework. Good thing I didn't initiate the purchase, because right know I would be jobless, not because I would be fired, but because our senior accountant would drive me crazy. In fact accountants drive me crazy, but I can handle it for now. As I wrote before our form has about 120 workers, major part of workers are old, like my parents age. (I am 28 btw. Mom is 55.). As you all know what happens if you say you work with computers. So our accountants are like 60 years old, got new program, don't know how to work with it, and they ask me how to do certain things. if I don't know how to I ask program's support, every question is like 90 Eur. So in short accountants expect I should know their work and how program works. If I try say something they don't like, they try to make my day hard. Next thing is our billing program. Man that worked before me done some payments import. And when I came everyone expect me to do that. Ok I did that because that people working with billing program would probably fuck it up. And I semi automated that, so I don't mind that much. Sometimes that program fucks up, like it happened yesterday, it send email invoices attachment without filename. Example: people got this attachment ".pdf"(no filename, only extension), And if you save it you need do OPEN WITH command and then select pdf reader or rename file (I don't know what easier). And surprise surprise our firm, customer support redirects all phone calls, emails to me. But I did explain to customer support what to say to people. Still they redirect it to me.
PS: This is my first job after school. I work as part time.
TL;DR Thinking my life, carrier choices. accountants are not the nicest people.

my worst mistake was when I was using Ansible with AWS tags and I accidentally termianted a server that had been provisioned to handle users authentication and redirect them to their proper applications.

Was debugging a php project (for a friend) the header(location) wasn't working for some reason, and I didn't want to go through his 1000 lines of code to see where the trouble was, so I just inserted JavaScript to redirect the page to a location he wanted.

Now he thinks I'm a genius😂😂

I have a windows vps with a server that I want to protect from DDoS and hide from outside world. Is there a way by using PHP IIS webserver on another vps to somehow whitelist ips or redirect only clean traffic to my windows vps?

JS/HTML QUESTION:

I wanna create a html page wich redirect us into a certain website and execute Javascript on the new website opened.

So i should use window.open i think, but how do i like execute js on this website after opened?

I've gotten started with web dev in the past and learned HTML and CSS and started learning JS but I never could understand what I could use for a code editor to practice and pretty much forgot all of that stuff. Now I'm trying to learn Python, but what's pissing me off is paying for a phone app that doesn't teach you to write code in these lessons, rather interactive multiple choice questions and "put this in the right order". sequences. This is not learning for me, this is informing. Which is info I don't retain. And If i'm paying for it why is there so little to these lessons? Barely covering anything. I've done every lesson Mimo had for python but it didn't really explain the practicality of what it was teaching me and they skipped a lot of shit. Changing the pace of the lesson from Print this and that and heavily explain the most basic stuff 3x over to only explaining the more advanced stuff one fucking time.

I would really like learning python while being walked through a project as a lesson. Teach the terminology, structure, application, process, rinse and repeat, and outcome all in one. With a project target to look forward to. I need a goal to keep my interest.

So far all I know about python is its a programming language used to create Youtube. And I'm trying to learn it because I keep reading that its the recommended starting line. But I need to be able to visualize what this code can be used for. Explanations in terminology I haven't been taught yet just frustrates me. And I read everyone's posts and see many people mention being frustrated, but I haven't even started coding yet. Feel free to comment and redirect me to page that can help. Links are appreciated. Nay, encouraged!

This had just happened, I was trying to increase the default timeout of an nginx running in a container for a proxy pass and always got a 504-gateway timeout response. I was setting proxy_connect_timeout, proxy_send_timeout, proxy_read_timeout, send_timeout, keepalive_timeout, etc. and nothing worked, after two hours of adding and removing lines of configuration (and waiting 1 minute for every time I tried a request), then I realized I have a local nginx for redirect server names to local ports (the container), that nginx was the one that actually responds with the 504 error, after that I tried a request with the port of the container ALL WORKED!!!!

Which ons is less risky and which one Is most profitable to succeed ?

0- telling the admin you forgot your password and as he's logging in, sniff his password (you already placed sslstrip)

1- gain access to router using its vulnerabilities and redirect the traffic to a fake page and get the password.

2- exploiting smb port of admin's system and placing a krylogger or stealing his cookies if available

3- brute forcing admin password :/

4- pressing forgot password on admin account and staying close to him and sniff the SMS containing the otp using rtl-sdr (and of course you will be prompted to set a new password)

5- any other way .

Also the website itself is almost secure.
It is using iis 8.5 and windows server 2012
Only open ports are 80 and 443.

I need to have domainB show the contents of domainsA without redirect. Oh and its WordPress if that makes it worse.

Support just said "You gotta clone the website" but there's gotta be a better way.

It's cloud hosting from HostGator so I don't have access to virtualhosts.

! Rant

Recently received my ESP8266 and for bad or for worse quickly flashed it to use thingsSDK and espruino.

I have setup a webserver on it but at the moment you need to go to its local ip to see the page, does any one have tryed this before and overcome to redirect all requests to that page? Any ideas are welcome, i know this can be done easly with LUA but cant code LUA, yet...

Any startup founders/co-founders, I'm curious to know if there are any good serious websites that offer explanations on various aspects of running a startup and common pitfalls and the like. I've looked at some but I figure it would be best if anyone who has done it before could redirect me to something :)

i have a question. when a user logs in, the app should have the "logged in" effect. so when he tries to navigate go login page it should redirect him to home page. but how can the app know if he has logged in? should i store the jwt token in sharedprefs and check if hes logged in locally on the phone or is the backend rest api supposed to handle that (and how)?

it puts the binding redirect in the app.config
or else it gets the FileNotFoundException again

!rant
I am trying to write a program in c which forks a process and exec another program i wrote. I want to redirect output of child program to parent program then after getting that output parent will check some conditions and if they are true then it will resume child program and will do more stuff. I have successfully redirected output of child to parent using pipes then I wrote code which should be read in child program but it isn't getting read. I tried by passing pipe read and write ends as cmdline arguments to child program but it isn't reading. It is blocking at that particular point. Stuck for more than 5 hours at this. Can anyone help me here? Fml :-(

Msal.js. I give it 3/10..

The docs are duplicated, and in various states of out of date. Half the library seems to be undocumented based on how many edge case bugs I've hit, it offers a popup login but you have to have a set specified white list of urls you can launch the popup from which makes a popup login pointless...

Ontop of that my colleagues shat the bed on it and fucked the whole implementation including the azure b2c setup... We do not even have a backend app listed in the azure b2c apps. The redirect also won't work if you don't instantiate an object in a hidden iframe of your own website that fetches a token... This does not make life easy when you use a SPA framework and you have already implemented a whole pipeline abstracting the creation of this object behind layers dependency injection.. Nice.

After sifting through endless shit I finally have a solution. What a week.

MRW I deploy to production server and forget to add a server domain in "OAuth redirect domains" in Firebase.
Before that I was debugging for 6 hours without success.