Why?

Using app.use('trust proxy', true) is likely too permissive, this post explains concretely why.

Example Applications

Consider two Express applications index-first.js that uses app.set("trust proxy", true)

const express = require("express");
const app = express();
const port = 3000;

app.set("trust proxy", true);
app.get("/", (req, res …

I've been load testing quite a bit recently. So far I've been impressed by the wrk project's use of sockets to pour on a ridiculously high amount of load. When I had stretched the system under load past its limits, finding the fortio project was a breath of fresh air …

In order to learn a bit more about how both the TCP and HTTP/2 protocols work, I recently created the tcp-h2-describe reverse proxy in Python. I was excited about some of the insights I was able to glean from the process, in particular a full example tracing a connection …

In my day job at Blend, I write a lot of TypeScript¹. One great feature of TypeScript is the ability to specify an enum with a finite set of values as a union type:

type Coordinate = 'x' | 'y'

which then gives compile time checking for values of this type …

First, let me say I'm not posting this to shame any company or language community. Getting to the scale Twitter reached in a short amount of time can quickly make past engineering decisions look foolish in hindsight. But almost always they are decisions made in good faith with the current …