• 2 Posts
  • 53 Comments
Joined 1 year ago
Cake day: June 24th, 2023


  • ‘’’ Note: When I say “top-level” I am talking about the URL that you see in the address bar. So if you load fun-games.example in your URL bar and it makes a request to your-bank.example then fun-games.example is the top-level site. ‘’’ Meaning explicit creds won’t be sent. Even if fun-games knows how to send explicit creds, it can’t, because fun-games does not have access to the creds which are stored for your-bank. Suppose your-bank creds are stored in local store. Since the current URL is fun-games, it can only access the local storage of fun-games, not your-bank.




  • REST calls are the same as in 2001. There is no REST 2.0 or REST 2024, because REST is an architecture guideline. It’s just more data sent over it today. An HTTP code IS a code. Why your system issued it is an implementation detail and has nothing to do with resource representation. The examples you provided are not 403. “Too many users active” does not exist in REST because REST is stateless; the closest you can get is “too many requests” - 429. Insufficient permissions is 401. I don’t even know what “blocked by security” is, but it sounds like 401 too. Regardless, you should not provide any details on 401 or 403 to the client, as it is a security concern. No serious app will tell you “password is wrong” or “user does not exist”. The most a client should hope for is input validation errors in 400.

    For those with the “internal tool, I don’t care” argument - you either do not know what security in depth is or you don’t have a 403 or 401 scenario in the system in the first place.

    Now hear me out, you all can do whatever you want or need with your API. Have state, respond with images instead of error codes, whatever, but calling it REST is wrong by definition.
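The point in the comment above about not revealing why a 401 was issued, sketched as an added example that is not part of the original comment: a login handler that returns one identical 401 for "unknown user" and "wrong password", keeps the reason in the server log, and exposes detail only as 400 validation errors. The `login` function, the `USERS` store and the sample credentials are constructed for illustration; the dummy-hash step that equalizes work for unknown users goes slightly beyond what the comment states.

```python
from __future__ import annotations

import hashlib
import hmac
import logging
import os

log = logging.getLogger("auth")  # server-side only; never returned to the client


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


# Constructed sample user store: username -> (salt, password hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
# Dummy record so unknown usernames cost the same hashing work as known ones.
_DUMMY = (os.urandom(16), os.urandom(32))

GENERIC_401 = (401, {"error": "invalid credentials"})


def login(body: dict) -> tuple[int, dict]:
    """Return (status, json_body) for a login request body."""
    # 400: input validation errors are the only detail the client gets.
    errors = {f: "required, non-empty string" for f in ("username", "password")
              if not isinstance(body.get(f), str) or not body.get(f)}
    if errors:
        return 400, {"errors": errors}

    known = body["username"] in USERS
    salt, expected = USERS.get(body["username"], _DUMMY)
    ok = hmac.compare_digest(_hash(body["password"], salt), expected)
    if not (known and ok):
        # The real reason goes to the log, not into the response.
        log.warning("login failed: user=%r reason=%s", body["username"],
                    "bad password" if known else "unknown user")
        return GENERIC_401
    return 200, {"user": body["username"]}
```
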














  • Kinda, I guess we all can agree it’s more typical to deserialize into a POJO where there is no such thing as a missing field. Otherwise why would you choose Java if you don’t use types. This is a great precondition for various stupid hacks to achieve “patching” resources, like blank strings or negative numbers for positive-only fields or even Optional as a field.


  • Are you talking about those forcefully recruited after being blackmailed into accepting a Russian passport or those who already had it before 2014 and were sent there after? Yes, sure, there are people who genuinely wanted those regions to be part of Russia. As there are Russians fighting on Ukraine’s side. Following your logic Ukraine or another “high moral” party should’ve run a “special military operation” to help the Russian Freedom Legion overthrow Putin. Why not mention Crimea’s Tatars in the Russian army? Is it coz they were repressed, their property was taken and they were forcefully moved out of their native lands? Why is their ethnicity not that important? Can’t absorb Russian identity nationalism to the degree they blindly follow their tsar? Or better, tell us: if Russia is so pro-ethnicity independence then why is Russia taking down those Dagestan rebels? Or not giving Siberia’s people independence? “That’s all western propaganda” you’ll say. Don’t bother.

    I join my neighbor in the request to you to fuck off. Don’t make me mad and keep “your” imperialistic opinion for a Russian Empire fan meetup. The only anecdote here is you.