Lysergid

Though in reality, management will push back any unorthodox approaches/solutions/approaches as risk and additional losses on R&D.

‘’’ Note: When I say “top-level” I am talking about the URL that you see in the address bar. So if you load fun-games.example in your URL bar and it makes a request to your-bank.example then fun-games.example is the top-level site. ‘’’ Meaning explicit creds won’t be sent. Even if fun-games knows how to send explicit creds, it can’t because fun-games does not have access to creds which stored for your-bank. Say suppose your-bank creds stored in local store. Since current URL is fun-games it can only access local storage of fun-games, not your-bank.

Thank you! I was always wondering why the heck this (mostly) useless and broken mechanism exists. I had hesitations about disabling it but had doubts about my understanding. Now I know I’m right

“Stateless” is not what “I” want, it is part of definition of REST.

Can do != what spec says you should do. You can also send clown version from the post but don’t be surprised people will find it… funny

Again, I’m not telling you are doing wrong. I’m telling you are mixing REST and RESTful web services

REST calls are same as in 2001. There is no REST 2.0 or REST 2024. Because REST is architecture guideline. It’s just more data sent over it today. HTTP code IS code. Why your system issued it is implementation detail and have nothing to do with resource representation. Examples you provided are not 403. “Too many users active” does not exist in REST because REST is stateless, closest you can get is “too many requests” - 429. Insufficient permissions is 401. I don’t even know what is “blocked by security” but sounds like 401 too. Regardless, you should not provide any details on 401 or 403 to client as it is security concern. No serious app will tell you “password is wrong” or “user does not exist”. Maximum what client should hope for is input validation errors in 400.

For those with “internal tool, I don’t care” argument - you either do not know what security in depth is or you don’t have 403 or 401 scenario in the system in the first place.

Now hear me out, you all can do whatever you want or need with your API. Have state, respond with images instead of error codes, whatever, but calling it REST is wrong by definition

Imagine how much more common this positive vibe would be if people wouldn’t need to spend at least 1/3 of their life trying to meet ends in competitive environment

At least they are not a tee pot

Why sit there 5 mins? This looks like normal city bus stop. Bus arrives at scheduled time, picks up passengers and takes off. I believe great ‘merica supper power nation can manage what Eastern Europe nations made happen years ago. Yes you may have few mins delays but it’s not a disaster.

If for whatever reason it must sit there for long time bust stop should be in a bay

I believe car drivers are capable of waiting 15 seconds while vehicle which most likely transports multiple times more passengers dropping/picking those passengers. Car drivers wait hours in traffic jams for themselves, can wait a bit for bunch of people in a bus

Crossings should be safe for humans and bikes. Meaning, they should be short and bikes should not be ridden across intersections if no bike lane

Better explain why pedestrian crossings are stretched so much instead of being on shortest trajectory to other side

Do you have to unlock? You can open wallet from blocked screen without unlocking phone