TL;DR. golang.org/x/net/idna.Lookup.ToASCII runs UTS-46 NFKC mapping 0-9. A pre-IDNA net.ParseIP check rejects the NO_PROXY lists, TLS-SNI routers, and cookie-domain validators that TrimRight + ParseAddr golang.org/x/net/http/httpproxy, the canonical safe pattern, and two I ran into this one while writing a Go HTTP client for a private project. I idna.Lookup.ToASCII canonicalising the host The sha
Hey dev.to! Maksim here again, author of the previous article "From Idea to MVP: Building a Classified Platform in Serbia" about Rsale.net, a classified platform for Serbia. In that post I described the stack: Next.js 15 + React 19 + ASP.NET Core microservices + AI translation. A few months later, the frontend has been fully rewritten on SvelteKit 2 + Svelte 5 (runes). The Next.js codebase is gon
If you're running a SvelteKit app on Cloudflare Pages and your content is publicly accessible, commodity scrapers will find it eventually. Here's the protection setup we use at Tested.gg - two layers, mostly free, minimal code. If your API is behind Cloudflare Service Bindings (not publicly exposed over HTTP), scrapers can only hit your SvelteKit Pages app. That's your entire attack surface. All p