Robert Boes

@heychazza @AtoBeach @laravelphp Too bad doesn’t work with Sanctum SPA-mode (yet) 😂

Just migrated @AtoBeach to @laravelphp's official passkey package + migrate all existing user passkeys to the new format 🥳 It feels great to have a composer + npm package that cleans up boilerplate logic, the DX here is fantastic. Huge props to the Lara team!

@gonedark And who gets even more complaints if things breaks due to pressure from tweets like this and the +1 comments? Laravel’s releases makes early testing quite difficult; a vague timeline, no pre-release, often a major release containing bugs. IMHO perfectly fine to wait

me: Sends PRs to package authors preparing Laravel 13 compatibility. author: “I’ll wait until the official release.” (Laravel 13 is released) everyone: “+1… merge this.” author:

@codewithdary @jyriso They'd be really tilted about this one then, as this helper calls the facade

@jyriso Honestly same. Some people get tilted when you use facades but I love it too :)

I've scrolled through tons of Laravel + Inertia projects, and almost everyone uses Inertia::render(). But did you know there's an alternative? The inertia() helper does exactly the same thing, just way shorter :). Super handy in controllers! Same result, less noise :).

@PovilasKorop @itsdevdaniel I think you're waaay too optimistic, it's likely 4.x. 4 has the same error page: github.com/laravel/framew… Further, the session cookie is unencrypted, encryption was added in 5.0, and was default. Then csrf, 40-char token is used, which was 4.x until 5.6

The correct answer is (probably) 5.8. Judging from my LaravelDaily article at the time with a similar screenshot: laraveldaily.com/post/avoid-tok… It was published in January 2018, and 5.8 was the latest version at the time. Only @itsdevdaniel got it right!

Quick pub-quiz. Noticed this in one local e-shop. Question: which Laravel version? :)

@soubiran_ @inertiajs @harlan_zw And to be honest, Inertia's SSR implementation needs more attention. It only works in build mode, which makes it incredibly difficult to work with, there's another year old PR that would also make it work in Vite dev mode. Both of those changes would make SSR much more enjoyable

@soubiran_ @inertiajs @harlan_zw Made a PR for using unhead in Inertia over a year ago, seemed like there was little to no interest

What if @inertiajs was using unhead from @harlan_zw instead of their custom system? This would align them with Nuxt UI, Unplugin Vue Markdown, and more, while making everything so much simpler. Should I open an issue? 🤔

@sander_scode @taylorotwell Because it’s goated

@taylorotwell I actually like 1Password though. Last year went LastPass -> 1Password

Jira ➡️ Linear Mailgun ➡️ Resend 1Password ➡️ ?

@taylorotwell I feel like this looks more cluttered, design over functionality. I'd want to get to fixing the issue, while the trace is basically gone. Also including things like a date/time feel a bit useless, when I see that page it's usually at that time, I can just look at the clock

Nobody wants their app to throw exceptions, but at least they look amazing. New local debug page just shipped in Laravel 12.29.0. 💅

@chris__sev At least that's one link that works 😅 (fyi, the link to the docs is still the EA one, resulting in a 403)

Deeplink is one of my favorite Laravel Cloud features that you might have missed

@benbjurstrom @laravelphp And to be clear, I'm not against passkeys, not at all. It just depends a lot on your target audience and passkeys just aren't there yet imho. Giving users options on how to sign in, including passwords, would be my preference

@benbjurstrom @laravelphp Might've worded that shitty for passkeys. I kinda meant, a password hash nowadays is really strong, you're not storing a password, that's what your message sounded like. Laravel nowadays even updates the hash when it's weak

My ideal @laravelphp login page looks something like this. Really don't like being responsible for user's passwords.

@benbjurstrom @DuaneStorey @laravelphp To add to this; This UI gives preference to Google, as if using it would be the best choice to sign up. SSO is nice, but I get what Duane is saying, it often feels very limited. "You're forced to use either of these options" while there are plenty of oAuth providers one could use

@DuaneStorey @robert_boes @laravelphp Why would you have to use Google? There's two options that have nothing to do them.

Just published a blog post on how I discovered a security issue in @laravelphp Reverb, make sure to update to ^1.4.0 robertbo.es/2024/taking-co…

@danmatthews @alexjgarrett @inertiajs @joetannenbaum @reinink I'd be sure to double-check, there are breaking changes, mostly related to the introduction of stale data through cache. Has been reported and I'm experiencing it in all of my apps

🚀 The Inertia.js v2.0 beta is now available! This marks a huge step forward for Inertia. The core library has been completely rewritten to architecturally support asynchronous requests, enabling a whole set of new features, including: - Polling - Prefetching - Deferred props - Infinite scrolling - Lazy loading data on scroll A huge thanks to @taylorotwell, @joetannenbaum, and @pedroborg_es in particular for making this possible 🤝 Please install the beta and let us know if you run into any issues! 🙏

The shipping doesn't stop. As promised, the Inertia v2.0 beta is here. 🤘

@nicksdot @laravelphp Shh, don't let anyone know! 🤫 Not too difficult to find I guess, and it's been fixed, still curious why they'd keep it in the dark instead of releasing the details

@robert_boes @laravelphp Found it. 😛

Do any of my followers have experience submitting a security vulnerability for @laravelphp packages? I reported one last week, so far haven't heard anything back. While promptly after submitting fixes were pushed. No credits, no CVE, no reply, no thank you. Is this... normal...?

@tobias_petry @laravelphp Hmm yeah, I'll send Taylor another email (it's a 1st party package). Never really dealt with reporting a security issue, even less so with submitting a CVE

@robert_boes @laravelphp This is really not how it should be done… Ask them to make it public with 30 days (full disclosure). After that you are free to blog about the issue yourself. Maybe this will then be picked up by other autorities and a CVE will be assigned - which is critical to inform all.

@lets_make_dev @laravelphp Core package

@robert_boes @laravelphp I'm assuming you reported to the package developer on Github? or is this a core package?