DEV Community: Siddharth

🧭 Understanding CORS: Preflight vs Actual API Response

Siddharth — Tue, 11 Nov 2025 06:02:32 +0000

⚙️ What is a Preflight Request?

A preflight is an automatic OPTIONS request sent by the browser before the actual API call.
Purpose: to ask the server for permission to send a non-simple cross-origin request (e.g., one with custom headers like Authorization or Content-Type).

🔁 Preflight vs Actual API Response

Aspect	Preflight (`OPTIONS`)	Actual Request (`GET`, `POST`, etc.)
Who sends it	Browser (automatically)	Browser (after preflight passes)
Purpose	Check if origin, method, and headers are allowed	Perform the real API action
Typical Headers	`Access-Control-Allow-Origin`, `Access-Control-Allow-Methods`, `Access-Control-Allow-Headers`	`Access-Control-Allow-Origin`, `Access-Control-Expose-Headers`
Response Body	Usually empty (`204 No Content`)	Contains actual API data or error
Visible to Frontend JS	No (browser internal)	Yes (if CORS rules allow)

🧩 Why Preflight is Useful

🛡️ Security: Prevents unauthorized cross-origin requests.
✅ Negotiation: Lets the browser confirm allowed origins, methods, and headers.
💬 Safety: Ensures your API only accepts intended headers and methods.

1️⃣ Middleware handles only `OPTIONS`

Preflight (success):

HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Content-Type, Authorization

Actual request (fails CORS):

HTTP/1.1 200 OK
Content-Type: application/json
(no Access-Control-Allow-Origin header)

💥 Browser blocks the response because the actual API didn’t include the same CORS header.

2️⃣ Error responses skip CORS config

Preflight (success):

Access-Control-Allow-Origin: https://app.example.com

Actual (fails due to 500):

HTTP/1.1 500 Internal Server Error
Content-Type: application/json
(no Access-Control-Allow-Origin header)

💥 Browser treats this as a CORS violation — even though preflight passed.

3️⃣ Credentials + Wildcard Origin

Preflight:

Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true

💥 Invalid combo — browsers block if Access-Control-Allow-Credentials: true is set with *.

You must return the exact origin instead:

Access-Control-Allow-Origin: https://app.example.com
Access-Control-Allow-Credentials: true

4️⃣ Missing Allowed Headers

Browser requests:

Access-Control-Request-Headers: Content-Type, Authorization

Server responds (missing Authorization):

Access-Control-Allow-Headers: Content-Type

💥 Browser rejects the request:

“Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.”

💡 Developer Recommendations

✅ Apply CORS consistently on all responses — success or error.
⚙️ Use middleware per route if different APIs need different origins.
🧱 Include Authorization and Content-Type in allowedHeaders if you use tokens or JSON.
🔐 Be explicit — don’t rely on defaults.
🧪 Test in DevTools — verify that both OPTIONS and the actual request return matching Access-Control-Allow-* headers.

🧭 TL;DR

Preflight = browser asking for permission
Actual request = performing the action

Preflight can pass while the actual request fails if headers, origins, or credentials aren’t consistent.

🔧 Fix: Apply the same Access-Control-Allow-* headers to every response — including errors — and explicitly list headers like Authorization and Content-Type.

HTTP GET vs POST vs PUT vs PATCH vs DELETE

Siddharth — Tue, 11 Nov 2025 06:02:16 +0000

1. GET

Purpose: Retrieve data from a server.
Characteristics:

Safe & idempotent: It doesn’t modify data on the server.
Cacheable: Responses can be cached by browsers or CDNs.
No body: Parameters go in the URL query string (/users?id=123).

Example:

GET /users/123

📦 Retrieves the user with ID 123.

2. POST

Purpose: Create a new resource on the server.
Characteristics:

Not idempotent: Multiple identical requests may create multiple resources.
Has a body: Data (usually JSON) is sent in the request body.
Common for: Creating items, submitting forms, authentication, uploads.

Example:

POST /users
Content-Type: application/json

{
  "name": "Alice",
  "email": "alice@example.com"
}

📦 Creates a new user record.

3. PUT

Purpose: Replace an existing resource entirely.
Characteristics:

Idempotent: Sending the same request repeatedly results in the same outcome.
Requires full resource representation — all fields, not just the ones you’re updating.

Example:

PUT /users/123
Content-Type: application/json

{
  "name": "Alice Updated",
  "email": "alice@newdomain.com"
}

📦 Replaces the entire user record for ID 123.

4. PATCH

Purpose: Partially update a resource.
Characteristics:

Idempotent (in theory): Usually behaves as such if properly implemented.
Only includes the fields to change in the request body.

Example:

PATCH /users/123
Content-Type: application/json

{
  "email": "alice@newdomain.com"
}

📦 Updates only the email field for user 123.

5. DELETE

Purpose: Remove a resource from the server.
Characteristics:

Idempotent: Repeated DELETEs have the same effect.
Usually no body.

Example:

DELETE /users/123

📦 Deletes the user with ID 123.

🧭 Summary Table

Method	Action	Idempotent	Safe	Request Body	Typical Use
GET	Retrieve	✅	✅	❌	Fetch data
POST	Create	❌	❌	✅	Add new resource
PUT	Replace	✅	❌	✅	Full update
PATCH	Update	✅ (mostly)	❌	✅	Partial update
DELETE	Remove	✅	❌	❌ (usually)	Delete data

🧭 Why HTTP verbs matter, why do I care (even if the SQL looks the same)?

When building REST APIs in .NET, it might feel like POST, PUT, or PATCH all do the same thing — after all, they can each trigger the same SQL UPDATE statement.

But the true power of HTTP verbs isn’t about your SQL logic — it’s about how clients, caches, load balancers, and tools interpret your API’s intent.

HTTP verbs define a contract for how requests behave in terms of caching, retries, idempotency, and security. Think of HTTP verbs as contracts between:

Clients (browsers, mobile apps, other services),
Servers (your .NET API),
Intermediaries (load balancers, caches, proxies, frameworks, monitoring tools).

They communicate intent, not implementation.

So while these verbs can all trigger an UPDATE in SQL, their meaning in HTTP defines how the system behaves around that request — caching, retries, idempotency, logging, security, etc.

⚙️ Example Scenario

You have a SQL Server Users table:

Users(Id INT, Name NVARCHAR(50), Email NVARCHAR(100))

You want to:

Fetch a user
Create a user
Replace a user
Partially update a user’s email
Delete a user

🚀 RESTful API Design

Operation	HTTP Verb	Endpoint	Request Body	Behavior
Fetch user	`GET`	`/api/users/123`	none	Returns JSON for user 123
Create new user	`POST`	`/api/users`	`{ "name": "Alice", "email": "a@b.com" }`	Creates new user (auto-generated ID)
Replace entire user	`PUT`	`/api/users/123`	`{ "name": "Alice", "email": "new@b.com" }`	Replaces user 123’s record entirely
Update only email	`PATCH`	`/api/users/123`	`{ "email": "new@b.com" }`	Updates just the email
Delete user	`DELETE`	`/api/users/123`	none	Deletes user 123

⚡ When the Difference Matters

Situation	Why Verb Matters
Retry Logic	`PUT` and `DELETE` are idempotent — safe to retry after a timeout. `POST` might create duplicates.
Caching	`GET` responses can be cached. `POST` and `PATCH` cannot.
Proxy/CDN Behavior	CDNs can cache `GET` and invalidate caches after `PUT`, `PATCH`, or `DELETE`.
Documentation & SDKs	Tools like Swagger/OpenAPI generate correct docs and client SDKs when verbs are semantically correct.
Security	You can enforce different permissions (e.g., `GET` public, `PUT` requires `Admin`).
Monitoring	Logs make more sense (`DELETE /users` → “user deletions”) when verbs match actions.

🧩 Example: Retrying Requests

If a frontend app calls:

await fetch("/api/users/123", {
  method: "PUT",
  body: JSON.stringify({ name: "Alice", email: "a@b.com" })
});

and the request times out, the client can safely retry because PUT is idempotent — sending it twice has the same effect.

If it were a POST, two requests might create duplicate users.

✅ Summary

Even though the internal logic (e.g., SQL UPDATE) might be identical:

POST → create new resource
PUT → replace resource entirely
PATCH → partially update resource
DELETE → remove resource
GET → retrieve resource

Using the correct HTTP verbs gives your API:

Predictable behavior
Correct retry & caching semantics
Better documentation and tooling
Compatibility with clients, proxies, and REST conventions

🧠 Tip

You can combine this with:

Model validation (to verify email format)
ETags or RowVersion for concurrency control
Global exception filters for consistent responses

This is where REST verbs and database logic truly complement each other.

Writing XUnit Tests without Object Arrays

Siddharth — Sat, 12 Oct 2024 14:30:17 +0000

Introduction

In unit testing with XUnit, we often use object arrays for test data. However, managing complex test data can quickly become cumbersome and hard to read. In this post, we’ll explore how to write cleaner and more scalable XUnit tests using TheoryData<T> without relying on object[] arrays.

Example Scenario: Retrieving Food by Type

Let's implement a FoodService class with a method that retrieves food items by type.

public enum FoodType { Fruit, Fast }

public interface IFoodService
{
    public IEnumerable<string> GetByType(FoodType type);
}

public class FoodService : IFoodService
{
    public IEnumerable<string> GetByType(FoodType type) => type switch
    {
        FoodType.Fruit => ["Apple", "Banana"],
        FoodType.Fast => ["Pizza", "Burger"],
        _ => throw new NotImplementedException()
    };
}

Here, we use TheoryData<T> to hold our test cases, defining a FoodTestData record that includes input parameters, expected results, and a custom name for each test case:

public class FoodTests
{
    // override ToString method allow us to specify name for individual tests in TheoryData<T>
    public record FoodTestData(FoodType Type, IEnumerable<string> Expected, string TestName)
    {
        public override string ToString() => TestName;
    }

    // this method has the input parameters and expected values. we can scale this method with more tests without changes the test itself.
    public static TheoryData<FoodTestData> GetFoodTestData() => [
        new(Type: FoodType.Fruit, Expected: ["Apple","Banana"], TestName: "Test should return expected fruits"),
        new(Type: FoodType.Fast, Expected: ["Pizza","Burger"], TestName: "Test should return expected fast food")
    ];

    [Theory]
    [MemberData(nameof(GetFoodTestData))]
    public void ShouldReturnExpectedFood(FoodTestData foodTestData)
    {
        // Arrange
        var mockFoodService = new Mock<IFoodService>();
        mockFoodService
            .Setup(x => x.GetByType(FoodType.Fruit))
            .Returns(["Apple", "Banana"]);

        // Act
        var food = new FoodService().GetByType(foodTestData.Type);

        // Assert
        Assert.Equal(foodTestData.Expected, food);
    }
}

Output

Conclusion

Using TheoryData<T> with a named record keeps our tests clean, easy to read, and scalable for future test cases.

Thank you for reading.

.NET Configuration

Siddharth — Thu, 26 Jan 2023 08:39:29 +0000

Configuring .NET apps can be confusing with all the different options available. We have different types of apps like Web APIs, Background Service and Console app etc. which can run on different .NET versions or environments and setting them up with correct configurations can be overwhelming.

I want to share what I learned that helped me understand how all the different configurations fit together and make sense of it all.

Before we start let's first understand .NET project SDK which is a base for different types of configuration.

.NET project SDK

.NET Core, .NET 5 and later projects are associated with a SDK (Software Development Kit). It is responsible for compiling, packing and publishing code. SDK contains .NET CLI, runtime and libraries.

We can target SDK in project file to configure different types of .NET apps.

<Project Sdk="Microsoft.NET.Sdk">
  ...
</Project>

Available SDKs

ID	Description
`Microsoft.NET.Sdk`	The .NET SDK. This is the base SDK for all other SDKs
`Microsoft.NET.Sdk.Web`	The .NET Web SDK
`Microsoft.NET.Sdk.BlazorWebAssembly`	The .NET Blazor WebAssembly SDK
`Microsoft.NET.Sdk.Razor`	The .NET Razor SDK
`Microsoft.NET.Sdk.Worker`	The .NET Worker Service SDK
`Microsoft.NET.Sdk.WindowsDesktop`	The .NET Desktop SDK

ASP.NET Core apps

ASP.NET Core is composed of several building blocks. These blocks can be configured to suit the requirements and shape the overall configuration of the application. We are going to look at some of the important blocks.

Host
Dependency Injection
Middlewares
Configuration
Environments
Logging
HttpContext
Routing
Server

Host

The Host, also referred as Host builder or builder, is the first step in configuration. It is used to configure app and its services. Host contains all resources of an app:

An HTTP server implementation
Middleware components
Logging
Dependency injection (DI) services
Configuration

There are three types of hosts you can choose which depends on the .NET project SDK:

ASP.NET Core Web Host
- Exists only for backward compatibility
- Supports .NET Core 2.x Apps
- Uses WebHost.CreateDefaultBuilder() to create builder
.NET Generic Host
- Available in all .NET SDKs
- Supports ASP.NET Core 3.x and .NET 5 Apps
- Uses Host.CreateDefaultBuilder() to create builder
- More info: .NET Generic Host
.NET WebApplication Host also known as Minimal Host
- Simplified version of .NET Generic Host
- It provides some of the default configuration and hence significantly reduces the number of files and lines of code to configure an app.
- Available only in Microsoft.NET.Sdk.Web
- Supports .NET 6 Apps
- Uses WebApplication.CreateBuilder() to create builder
- More info: .NET Web Host

The following example configures apps and services using .NET Generic host:

public class Program
{
    public static void Main(string[] args)
    {
        // create host and run app
        CreateHostBuilder(args)
            .ConfigureHostConfiguration(config => config.SetBasePath(Directory.GetCurrentDirectory()))
            .Build()
            .Run();
    }

    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                webBuilder.UseStartup<Startup>();
            });
}

public class Startup
{
    public IConfiguration Configuration { get; }
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    // configure services
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddScoped(typeof(IGitHubService), typeof(GitHubService));
        services.AddScoped(typeof(ISlackService), typeof(SlackService));
    }

    // configure app
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
    }
}

Same configuration but with WebApplication host:

// create host
var builder = WebApplication.CreateBuilder(args);

// configure services
builder.Services.AddScoped(typeof(IGitHubService), typeof(GitHubService));
builder.Services.AddScoped(typeof(ISlackService), typeof(SlackService))

// configure app
var app = builder.Build();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();

// runs app after configuration
app.RunAsync();

Dependency Injection (services)

ASP.NET Core includes dependency injection (DI) that makes configured services available throughout an app. Services are added to the DI container using WebApplicationBuilder.Services (builder.Services). When the builder is instantiated, many framework-provided services are added by default.

Example

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
builder.Services.AddRazorPages();
builder.Services.AddControllersWithViews();
builder.Services.AddScoped(typeof(IContactRepository), typeof(ContactRepository));

var app = builder.Build();

As services are add to DI container, we can resolve these services using constructor.

public class Contact
{
    public readonly IContactRepository _contactRepository;

    public Contact(IContactRepository contactRepository)
    {
        _contactRepository = contactRepository;
    }

    public Contact Get(int id)
        => _contactRepository.Get(id);
}

Middleware

In simple terms, middleware is a set of tools that connects different parts of an application and allows them to work together. When the application gets a request, the middleware receives it first and directs it to the right place in the application.

In the configuration, we can add series of middleware in request pipeline. These middleware are chained together. In even of an incoming request, each middleware in sequence -

Chooses whether to pass the request to the next middleware.
It can perform its operation before and after the next middleware.

By convention, a middleware is invoked by an extension method starts with "Use" keyword. Sequence is the order middleware are defined. "Run" or "RunAsync" method in the last terminates the request.

// create host
var builder = WebApplication.CreateBuilder(args);

// configure services
builder.Services.AddScoped(typeof(IContactRepository), typeof(ContactRepository));

// configure app
var app = builder.Build();
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
}

app.UseHttpsRedirection();
app.UseAuthorization();

// custom middleware
app.Use(async (context, next) =>
{
    // Do work that can write to the Response.
    await next.Invoke();
    // Do logging or other work that doesn't write to the Response.
});

// terminates the request
app.Run();

From here on things are easy if you understand SDKs, Hosts, DI & Middleware. Let's check rest of the building blocks quickly -

Configuration

ASP.NET Core apps provides configuration framework. It get settings in key-value pairs. It has many built-in configuration providers which gets settings/configurations from different sources:

Settings files, such as appsettings.json
Environment variables
Azure Key Vault
Azure App Configuration
Command-line arguments
Custom providers, installed or created
Directory files
In-memory .NET objects

You can use host/builder to configuration from multiple sources.

var builder = WebApplication.CreateBuilder(args);

// Services
var settings = builder.Configuration.GetSection("Settings");
builder.Services.Configure<Settings>(settings);

var app = builder.Build();

// Configure
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();


// Terminates request
await app.RunAsync();

Environments

Set the ASPNETCORE_ENVIRONMENT environment variable to your environment name and access it using Host Builder. By default Development, Staging and Production values are supported .NET configuration.

ASP.NET Core reads that environment variable at app startup and stores the value in an IWebHostEnvironment implementation. This implementation is available anywhere in an app via dependency injection (DI).

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
builder.Services.AddRazorPages();
builder.Services.AddControllersWithViews();

var app = builder.Build();

// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    app.UseHsts();
}

app.Run();

Logging

ASP.NET Core supports variety of built-in and third-party logging providers:

Console
Debug
Event Tracing on Windows
Windows Event Log
TraceSource
Azure App Service
Azure Application Insights

When you create a building using WebApplication.CreateBuilder it adds Console, Debug, EventSource and EventLog by default. You can reconfigure logging providers using Host builder.

var builder = WebApplication.CreateBuilder(args);
builder.Logging.ClearProviders();
builder.Logging.AddConsole();

var app = builder.Build();
app.Run();

Final thoughts

If we rethink the structure of the ASP.NET core building blocks it looks something like this -

- .NET project SDK
  - Host (builder)
    - Dependency Injection (builder.Services)
    - Configuration (builder.Configuration)
    - Logging (builder.Logging)
    - App (builder.Build())
      - Middlewares (app.Use{ExtensionMethod})
      - Environments (app.Environment)

I hope this helps to clear confusion. Thanks for reading!

References

Understanding Git Rebase

Siddharth — Fri, 25 Nov 2022 17:21:17 +0000

Understanding git rebase is confusing when you start working with it. Here's how I understand Git Rebase.

What is Rebase

Git Merge and Git Rebase does the same thing - both can pull changes from other branches. But Rebase works little different from Merge.

ELI5 version

Git Rebase

You are about to travel for few days so you start packing bags. You put your t-shirts, charger, headphones, toothbrush etc. Your friend is about to come at your place to drop you at railway station. Your friend bought a gift for you - a new shiny jeans. You want to put the jeans below all of your cloths therefore you pull all your cloths from bag/suitcase, put jeans and put back your cloths. This is basically rebase.

items in bag is your feature branch

new blue jeans is your master branch

when you reshuffle cloths to put new jeans below other cloths is git rebase

Git Rebase Vs Git Merge

in git rebase you add more cloths to your base as you receive them. so it is properly organized and easy to pull cloths, easy to manage.

in git merge you are lazy - you put that jeans and any other item on top of your bag as you receive them. This is hard to pull specific things when you need them, results merge conflicts often complex one and overall hard to manage.

How Rebase works

Let's say you create a new branch feature/contact-us-page from master branch. While you are working on your feature the master branch gets updated with new features.

Consider following history of feature and master branch

feature/contact-us-page master

commit 102 commit 106 Merge branch home-page

commit 101 commit 105 Merge branch about-us-page

commit 100 commit 104 Merge branch login-page

When you run git rebase master on your branch, it pulls changes from master and move them below your current branch changes. Here's how your feature branch commit will look

feature/contact-us-page master

commit 102 commit 106 Merge branch home-page

commit 101 commit 105 Merge branch about-us-page

commit 100 commit 104 Merge branch login-page

commit 106 Merge branch home-page

commit 105 Merge branch about-us-page

commit 104 Merge branch login-page

Master branch history when you merge your branch into master using merge strategy

master

commit 102

commit 101

commit 100

commit 106 Merge branch home-page

commit 105 Merge branch about-us-page

commit 104 Merge branch login-page

feature/contact-us-page	master
commit 102	commit 106 Merge branch home-page
commit 101	commit 105 Merge branch about-us-page
commit 100	commit 104 Merge branch login-page

feature/contact-us-page	master
commit 102	commit 106 Merge branch home-page
commit 101	commit 105 Merge branch about-us-page
commit 100	commit 104 Merge branch login-page
commit 106 Merge branch home-page
commit 105 Merge branch about-us-page
commit 104 Merge branch login-page

master
commit 102
commit 101
commit 100
commit 106 Merge branch home-page
commit 105 Merge branch about-us-page
commit 104 Merge branch login-page

VS how Merge works

When you run git merge master on your branch, it pulls changes from master and move them into a new commit. This new commit is on top of your changes. Here's how your feature branch commit will look after git merge -

feature/contact-us-page master

commit 107 Merge branch master

commit 102 commit 106 Merge branch home-page

commit 101 commit 105 Merge branch about-us-page

commit 100 commit 104 Merge branch login-page

Important thing to note here is commit 106 feature/home-page, commit 105 feature/about-us-page and commit 104 feature/login-page are still present in commit 107 merge commit.

Master branch history when you merge your branch into master using merge strategy

master

commit 107 Merge branch master

commit 106 Merge branch home-page

commit 105 Merge branch about-us-page

commit 104 Merge branch login-page

feature/contact-us-page	master
commit 107 Merge branch master
commit 102	commit 106 Merge branch home-page
commit 101	commit 105 Merge branch about-us-page
commit 100	commit 104 Merge branch login-page

master
commit 107 Merge branch master
commit 106 Merge branch home-page
commit 105 Merge branch about-us-page
commit 104 Merge branch login-page

Rules for Rebasing

When not to do Rebase - Always rebase on your own branch. Never use it on public branches

Force Push with Caution - When you rebase, git pulls latest changes and move it below your changes. It basically rewrites your history. To push changes to origin you need to do force push - git push --force. Please be very careful, if you push on some other branch, it will rewrite history of that branch and there is no way to revert it.

Benefits of Rebasing over Merge

You will get much cleaner history

Reverting changes or whole branch is a lot easier because you are always dealing with simple commits. In Merge you deal with merge commits which has other commits.

You won't get bigger merge conflicts

Finally, thank you for reading. I hope it helps you with Rebase.

Delegates - Behind The Scenes

Siddharth — Sun, 22 May 2022 05:53:35 +0000

Let's say we want to filter even numbers. In C#, we usually do it using LINQ's Where extension -

var numbers = Enumerable.Range(1, 100);
var evenNumbers = numbers.Where(n => n % 2 == 0);

The signature of Where takes Func<int, bool> as parameter

The syntactic sugar, behind the scenes, is basically doing

var evenNumbers = numbers.Where(new Func<int, bool>(n => n % 2 == 0));

Func is a delegate which has int as input and bool as output. We can write it as -

var evenNumbers = numbers.Where(delegate(int n)
{
    return n % 2 == 0;
});

This means we can do -

public static bool IsEven(int number)
{
    return number % 2 == 0;
}
var evenNumbers = numbers.Where(IsEven);

AdGuard Home as Private DNS Server on Raspberry Pi

Siddharth — Wed, 26 Jan 2022 07:14:29 +0000

To access AGH outside network and to use it as a private DNS server, we need 3 things -

Domain
TLS Certificate
Port forwarding

Registering Domain

You can register domain from any website, however, one of the free option is to use duckdns.org. Create account, add a sub-domain to your account.
You need to attach your public IP address to the domain you have created. You can use whatismyip.com to find your public IP address.

Obtaining TLS Certificate

Encryption is based on TLS certificate and it is needed to use AGH as a private DNS server which is accessible outside your home network. We can obtain TLS certificate for free using letsencrypt.org.

Install Certbot

sudo apt update
sudo apt install certbot

Get a certificate using DNS challenge

Start issuing certificate

sudo certbot certonly --manual --preferred-challenges=dns -- preferred-chain="ISRG Root X1"

Enter the domain you've registered on DuckDns.org. After this step -- DO NOT press continue until you add DNS challenge record to your domain.
Add DNS challenge to your domain by visiting the following URL -
```
https://www.duckdns.org/update?domains={DOMAIN}&token={TOKEN}&txt={TXT_VALUE}
```
Here, DOMAIN is your domain.duckdns.org. TOKEN you can find in home page of DuckDns. TXT_VALUE is the verification string in terminal generated using certbot command.
Press enter to continue and verify the ownership of the domain.
After successful verification, fullchain.pem and privkey.pem files will be generated for your domain. Please note down the path of both of these files.

Enable Encryption in AdGuard Home

Go to AGH > Settings > Encryption Settings
Enable Encryption checkbox
Enter your duckdns domain in Server Name
Set fullchain.pem file path in Certificate section. After adding status should be "Certificate chain is valid"
Set privkey.pem file path in Private key section. After adding status should be "This is a valid RSA private key"
Save Configuration

Port Forwarding

Encrypted traffic needs reaches to AGH server and for that port needs to be forwarded. I recommend to forward all ports but you can forward the port based on your need. Forwarding different ports enables different "feature". Here's quick summary -
- HTTPS port (443) - When you forward HTTPS port, you can access AGH Dashboard using https://{your-domain}.duckdns.org.
- DNS-over-TLS port (853) - Forwarding this port enables you to use AGH as private DNS service in mobile devices outside your home network.
- DNS-over-QUIC port (784) - Forwarding this port enables the devices to use DNS-over-QUIC as private DNS server.
Forwarding port on Router
- Login to router and find port forward / virtual servers settings
- Depending on your router you will have combination of these probably with different names for External IP, External Port, Internal IP and Internal Port.
- External IP is your public IP address, Internal IP is your Raspberry Pi address and internal/external port will be (443, 853 or 784). Save settings for each port to enable port forwarding.

Use as private DNS

If all steps are successful, you can use https://{your-domain}.duckdns.org to visit AGH server from any network. You can also configure {your-domain}.duckdns.org as private DNS on various devices.

Configure AdGuard Home with Raspberry Pi

Siddharth — Wed, 26 Jan 2022 07:14:07 +0000

Intro

I was using NextDNS for couple months and recently switched to AdGaurd Home as it is more advanced. It's bit more complex to setup as compare to NextDNS. I have faced many challenges while configuring with Raspberry Pi, however, struggling for a day or two I am finally able to configure it. Hence, thought to create a step-by-step guide hoping this might help someone facing similar issues.

AdGuard Home (AGH)

It's a free and open source, network-wide software for blocking ads & tracking. After you set up, it'll cover all your devices without needing any client-side software. You can read more about AdGuard Home at https://adguard.com/en/adguard-home/overview.html

Installation

Go to release page, download and unpack binaries on your pi using following command -
wget 'https://static.adguard.com/adguardhome/release/AdGuardHome_linux_armv6.tar.gz'
tar -f AdGuardHome_linux_armv6.tar.gz -x -v

Below commands will install AGH as a service so if your pi restart it will start automatically.
cd ./AdGuardHome/
sudo ./AdGuardHome -s install

Here are the other commands you might need to control the service:

AdGuardHome -s uninstall: uninstall the AdGuard Home service.
AdGuardHome -s start: start the service.
AdGuardHome -s stop: stop the service.
AdGuardHome -s restart: restart the service.
AdGuardHome -s status: show the current service status.

Initial Setup

By default AGH runs on port 53, hence you can start initial setup by visiting {raspberrypi-ip-address}:53 from any device in your network. Once you complete the initial setup you will be redirected to Dashboard.

You can test your setup by visiting some website or running following command to test and dashboard on AGH will show data -
nslookup github.com {raspberrypi-ip-address}

Configure AGH on Router

Get the AGH listening IP address (usually device IP where AGH is running) from Setup Guide tab

Login to your router and add your Raspberry-Pi IP address as primary DNS server. If your router, doesn't allow you to add IP from same subnet, you can add Primary DNS in DHCP Server settings and it should work.

That's it. Traffic from devices in your network should appear in AGH Dashboard.

Upstream & Bootstrap DNS

AGH works as a proxy, therefore, you can redirect unblocked traffic to your favorite DNS servers. Upstream DNS providers will handle your traffic and Bootstrap DNS will be used to resolve upstream DNS providers.

It's super easy to configure Upstream and Bootstrap DNS servers. Pick one or more DNS server providers and add them to ADH > Settings > DNS Settings > Upstream and Bootstrap DNS section.

DNS Blocklist

Now you can go to Filter > DNS Blocklist and select predefined blocklists to add them and AGH will start blocking ads and tracking domain.

How I send a gift coupon to my nerdy friend

Siddharth — Fri, 26 Nov 2021 21:49:53 +0000

Context

Our company has organized "Secret Santa", pre-covid times. I got the name of a nerdy colleague and a friend. I decided to gift him Amazon gift coupon. Like people usually do - hiding gift somewhere in desk, I instead created an online puzzle like a treasure hunt using some automation. If he solves he will receive gift on his email.

Starting Point

Printed a bar code on a paper and put it on my friend's workstation desk. Upon scanning, it redirects to a simple website I've created using wixsite.com. Here's the picture of printed barcode along with other gifts -

The landing page shows following instruction -

To get your gift all you need is an email address.

Don't scroll! Take the challenge

Before I tell you more, why don't you give a try yourself to find the email address? Here's the link after scanning barcode - https://turantsephele.wixsite.com/giftgenerator

S
C
R
O
L
L

T
O

S
E
E

N
E
X
T

S
T
E
P
S

Finding hints to find the email address

Once you click "Get email address", it redirects you to another page which shows a timer and nothing else. And with a small hidden button somewhere in page.

If you are able to find the button and click, it redirects you to brainfuck visualizer with some pre-populated code.

I've written this code in brainfuck and when you run it outputs next hint.

Final Hint

That brainfuck code outputs a simple string - Decode:747572616e7473657068656c6540676d61696c2e636f6d

After decoding, it gives you the email address.

Automation for sending gift coupon

I have created a IFTTT flow which triggers when there is an incoming email with subject "HOG RIEEDERRRRR" and it is from my friend's email address.

Once this condition matches, IFTTT sends an email back with gift coupon details.

To make sure friend don't stuck

Once timer ran out it reveals a link to brainfuck visualizer code.

If he can't solve the puzzle in 3 days, an email triggers and sent gift coupon details to friend's email address. Again using IFTTT.

That's all folks!

If you did something similar or have some idea like this, drop it in comments :)

Taking control of privacy using NextDns

Siddharth — Tue, 23 Nov 2021 10:16:27 +0000

The Problem

We use a lot of apps and websites everyday on different devices and operating systems. We don't have control on what data is being send to these services. OfCourse, in Android and iPhone we can have some permissions in place but it is very limited.

There is no way you can control privacy for all of your devices from a central place.

What is NextDNS

It is a firewall which can be setup at network (router) level or at individual devices. It protects you from all kinds of security threats, blocks ads and trackers on websites and in apps and provides a safe and supervised Internet for kids — on all devices and on all networks. It gives you full control of the your privacy.

Features

All of the features are optional and can be enabled or disabled based on needs.

Configuration Features

Multiple configuration - you can have one or more configurations which can be used for each or group of devices.

Works using DNS - All you need is to configure a DNS provide by the configuration to have blocking in place. Once you configure DNS on device, blocking works regardless of network.

Security Features

Google Safe Browsing - Block malware and phishing domains

Cryptojacking Protection - Prevent the unauthorized use of your devices to mine cryptocurrency.

DNS Rebinding Protection - Prevent attackers from taking control of your local devices through the Internet.

Typosquatting Protection - Block domains registered by malicious actors that target users who incorrectly type a website address.

and a lot more

Privacy Features

Blocklists - Block ads & trackers using the most popular blocklists using pre-configured open source blocklists can be enabled/disabled.

Native Tracking Protection - Blocks wide spectrum trackers at operating system level.

Affiliate & Tracking Links - Blocks affiliate & tracking domains common on deals websites, in emails or in search results.

and a lot more

Parental Controls

Block websites, apps and games.

Block based on categories

Block based on day and time of the day

Enforce safe search

YouTube restricted mode

Optional Logs & Analytics

When enabled, it gives complete picture of the network and devices including resolved queries, blocked queries, block reason, traffic destination by countries, % of encrypted DNS queries etc.

Pricing

Sandbox - This is free environment for 7 days to try NextDNS.
Free - Once you signup, you can save settings. This tier is limited to 300,000 queries per month for all devices under the account.
Paid - Gives you unlimited queries per month for $2/month.

Getting Started

Sandbox
Free

DEV Community: Siddharth

🧭 Understanding CORS: Preflight vs Actual API Response

⚙️ What is a Preflight Request?

🔁 Preflight vs Actual API Response

🧩 Why Preflight is Useful

1️⃣ Middleware handles only OPTIONS

2️⃣ Error responses skip CORS config

3️⃣ Credentials + Wildcard Origin

4️⃣ Missing Allowed Headers

💡 Developer Recommendations

🧭 TL;DR

HTTP GET vs POST vs PUT vs PATCH vs DELETE

1. GET

2. POST

3. PUT

4. PATCH

5. DELETE

🧭 Summary Table

🧭 Why HTTP verbs matter, why do I care (even if the SQL looks the same)?

⚙️ Example Scenario

🚀 RESTful API Design

⚡ When the Difference Matters

🧩 Example: Retrying Requests

✅ Summary

🧠 Tip

Writing XUnit Tests without Object Arrays

Introduction

Example Scenario: Retrieving Food by Type

Output

Conclusion

.NET Configuration

.NET project SDK

Available SDKs

ASP.NET Core apps

Host

Dependency Injection (services)

Middleware

Configuration

Environments

Logging

Final thoughts

References

Understanding Git Rebase

What is Rebase

ELI5 version

Git Rebase

Git Rebase Vs Git Merge

How Rebase works

VS how Merge works

Rules for Rebasing

Benefits of Rebasing over Merge

Finally, thank you for reading. I hope it helps you with Rebase.

Delegates - Behind The Scenes

AdGuard Home as Private DNS Server on Raspberry Pi

Registering Domain

Obtaining TLS Certificate

Install Certbot

Get a certificate using DNS challenge

Here, DOMAIN is your domain.duckdns.org. TOKEN you can find in home page of DuckDns. TXT_VALUE is the verification string in terminal generated using certbot command.

Enable Encryption in AdGuard Home

Port Forwarding

Use as private DNS

Configure AdGuard Home with Raspberry Pi

Intro

AdGuard Home (AGH)

Installation

Initial Setup

Configure AGH on Router

Upstream & Bootstrap DNS

DNS Blocklist

How I send a gift coupon to my nerdy friend

Context

Starting Point

Don't scroll! Take the challenge

Finding hints to find the email address

Final Hint

Automation for sending gift coupon

To make sure friend don't stuck

Taking control of privacy using NextDns

The Problem

1️⃣ Middleware handles only `OPTIONS`