SafeList | handles adding and removing elements | Widget library

The rack_attack gem offers easy safelisting of a static list of IPs for example:

I'm using NuxtJS (VueJS) with TailwindCSS and PurgeCSS. Until now, I was specifying complete CSS classes for colors like text-green-800, bg-red-400, etc. But when creating component it's not ideal while the color can be passed as a Prop, but it's also not possible to directly do bg-{color}-400 while PurgeCSS while remove the background colors not found.

So, I wanted to put those classes in the whitelistPatterns from PurgeCSS, allowing regex to protect some classes. This is what I've set up :

I would like to use purgeCss in my NextJS project. In the docs it says I should change my next.config.js to be like this:

I have the "full" 3.9 MB Tailwind CSS file and successfully applied PurgeCSS to reduce it to 9 kB. But it also purged all responsive classes like md:px-6, they don't show up in my purged version.

Note: this question is for using the command line interface (CLI)

This is what I did:

purgecss --css ~/Desktop/Projects/Flask/Project1/build/static/css/main.css --content ~/Desktop/Projects/Flask//Project1/build/**/*.html --output ~/Desktop/Projects/Flask/Project2/static/css/main.css

I chose to create the output file in a different folder (Project2) so that I could check on the input vs output.

One thing I tried is to add --safelist [/md/], but didn't help. In fact the safelist didn't seem to be used at all...

(I use CLI since it is part of a bigger Python Flask project)

I'm using purgecss to remove unnecessary css from my project.

I want to build a Single Page Application (SPA) and noticed the following issue during separation of backend API (REST) and frontend assets (static vue.js code):

When serving the index.html from another domain than the API backend, most of the POST/PUT requests trigger a CORS preflight request.

I did some research and found out that blog posts [1][2] discuss this issue - without giving a practical solution. Some headers (e.g. Authorization header and the Content-Type header with the application/json value) are not allowed as cors-safelisted-request-header. Thus POST/PUT requests trigger a CORS preflight request. This is not acceptable since it adds a considerable amount of latency.

Is it possible to avoid these preflight requests if both domains are owned by the same entity?

I did some research on how to avoid CORS requests between frontend and backend. The solution requires the index.html file being served from the same domain as the REST API backend (see Example below). I wonder if not using separate domains is the only solution to avoid CORS requests for SPAs.

• Single Page Application (SPA); frontend and backend layer
• hosted in the AWS cloud
• Layer 1: CloudFront CDN with an S3 bucket origin - serve static assets (Vue.js frontend) on static.example.com
• Layer 2: Load-Balancer with ECS integration which is running node.js containers to host the (REST) backend on example.com
• The communication between layer 1 and layer 2 uses the HTTPS protocol and the REST paradigm.
• The index.html is served by layer 2 and customers open the webapp using example.com.
• The index.html references the API by pointing to the same domain (example.com). It references the static vue assets by pointing to the CDN (static.example.com).
• The SPA consists of two parts: a) the public assets (.js files, .css files etc.) and b) the index.html file. The latter one is served by the same fleet of backend containers which also host the REST API.

[1] https://www.freecodecamp.org/news/the-terrible-performance-cost-of-cors-api-on-the-single-page-application-spa-6fcf71e50147/
[2] https://developer.akamai.com/blog/2015/08/17/solving-options-performance-issue-spas

If I create a safelist of branches in my travis config and omit a particular branch A (or equivalently if I put branch A into a blocklist), can I manually trigger a build on branch A? The plan is to allow broken code to be committed to branch A, but before merging back to a stable branch, do a ci test. I just don't want to see a bunch of failed builds. Maybe I'm saving some small amount of electricity for them. Also I don't to add a bunch of noise by adding [skip travis] to every commit message.

According to the fetch specs it appears that as long as a Content-Type is specified that is one of "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain" and other conditions are satisfied then a POST request should not result in a preflight request. In practice however I've had a difficult time specifying multiple headers for fetch in a way that doesn't cause the OPTIONS request for the preflight check.

ex 1.

I want to write a static method of stressTest (int n, int m), which creates n subprocesses that add m elements to a MySafeList shared among all the subprocesses. The method must return false, if the number of elements added is different from the expected number (n × m), or if an exception is thrown during execution. Make sure your test fails with MySafeList not synchronized.

Then I tried to use a static list and create a thread table.