►
From YouTube: Websites Weekly Meeting (Feb 28th, 2022)
Description
Layer5 Websites Meeting - February 28th, 2022
Agenda:
- Image optimization for Community page. #2610
- Resource Optimization #2616
- https://www.gatsbyjs.com/plugins/gatsby-plugin-loadable-components-ssr/
- Image elements do not have explicit width and height ( check PageSpeed Insights)
- Also add missing alt attributes, if any.
- in auth.layer5.io (or meshery.layer5.io) - Point out where x-frame header can be set in Golang. Meshery Cloud
Join the community at https://layer5.io/community
Find Layer5 on:
GitHub: https://github.com/layer5io
Twitter: https://twitter.com/layer5
LinkedIn: https://www.linkedin.com/company/layer5
Docker Hub: https://hub.docker.com/u/layer5/
B
Okay,
so
abhijai
and
yash
they
were
working
on
the
get
knight
hog
dog
sidebar.
So
basically,
what
we
discussed
in
last
year
last
month
was
that
this
is
like
covering
the
text
and
we
should
probably
move
it
to
the
side
and
we
suggested,
I
think
the
top
left
corner
here
and
they've
come
up
with
two
designs.
B
So
we
were
discussing
in
the
shape-
and
I
think
nikhil
suggested
that
we
shouldn't
have
this
in
the
first
place,
because
it
actually
takes
the
user
to
a
completely
different
layer
and
then,
while
you
probably
should
skip
the
navigators
all
together,.
A
Cool-
and
this
is
the
website's
call
for
monday
february,
28th,
nice,
so
yeah
there's
a
couple
of,
I
think
one
of
the
things
that
is
a
challenge
for
in
part
as
a
challenge,
for
the
way
that
this
site
is.
Is
that
well,
it's
a
single
site,
and
it
has
you
know,
information
about
the
project,
its
features,
its
functions,
and
then
it
also
has
a
full
set
of
well
where
it
has
documentation
as
well,
and
the
documentation
is,
you
know,
is
enough
to
navigate
onto
its
own.
A
I
yeah,
so
there
had
been
kind
of
two
menus
at
one
point,
one
for
like
the
project
facing
feature
facing
for
site
and
then
one
for
the
docs.
So
if
you
go
just
as
you
think
through
this
fully,
if
you
go
to
the
docs.
A
A
D
D
Yeah,
I'm
saying
is
like
considering
that's
the
only
source
of
navigator
for
dog
page.
I
think
we
are
going
to
have
the
sidebar
yeah.
G
D
C
Yeah,
so
I
think
like
having
it
on
edge,
would
be
better
idea
like
it
is.
C
That
doesn't
look
that
good,
so
I
think
like
placing
it
on
edge.
Will.
E
Hello,
hello!
Yes,
yes,.
I
F
C
A
Yeah,
you
know
just
if
you
end
up
leaving
both
men,
you
saw
you
know.
I
think
that
there's
merit
to
what
nikhil
had
said
about,
maybe
that
you
know
maybe
there
isn't
a
need
for
two
menus,
should
two
menus
stay
and
and
the
most
intuitive
menu
being
the
one.
A
That's
in
the
upper
right
hand
corner,
because
it's
just
you
know,
that's
more
of
a
common
placement,
but
if
they
both
do
stay
yeah
that,
like
yash's,
pull
tab
in
the
mesher
ui,
if
that,
if
there
were
something
similar
kind
of
a
vertical
rectangular
like
slider
or
a
bar,
that
you
click
on
that
that
says
geo.
So
I
don't
know
what,
if
it
I
don't,
I
mean
the
acronym
toc,
isn't
necessarily
intuitive
either
yeah.
Oh,
that's
funny!
Okay,
fine!
Now,
abba
j
is
just
showing
off.
I
guess.
Okay,
but
yeah.
A
I
mean
that
that's
a
heck
of
a
lot.
That's
a
good!
It's
a
great
step
right
there
I
mean.
I
mean
that
that
to
me,
especially
if
the
the
double
chevrons
were
like
vertically
aligned
in
the
or
horizontally
in
the
middle,
that
that's
certainly
indicative
of
like
I
would
expect
to
see
something
of
a
menu.
I
would
expect
to
see
a
temporary.
You
know
something
and
then,
to
the
extent
that
that's
a
navigator
that
makes
a
ton
of
sense,
yeah.
C
Yeah
for
and
for
that,
the
purpose
you
just
said
that
it
is
not
specifying
the
use
case,
so
we
can
use
tooltip
for
that
like
on
tooltip,
we
will
add
but
yeah.
It
is
not
working
working
mobile
phone,
so
it
will
not
help.
C
That
that
arrow
will
show
you
the
side
content,
so
we
may
and
not
need
to
specify
for
the
mobile
view.
C
Yeah,
so
can
you
open
that
pier
so
yeah,
so
yeah
vidya
is
working
on
implementing
open
graph
for
the
nighthawk
project
but
like
she
was
facing
some
health
issues?
That's
why
she
is
not
able
to
contribute
in
on
this
fair.
But,
like
I
tried
on
my
side,
I
used
the
same
dimensions
which
is
mentioned
for
the
twitter
and
for
the
facebook,
but
it
is
not
working.
I
don't
know
why
it
is
not
working
so
can
we
apply.
I
have
a
question
that
can
we
apply
padding
on
these
images?
C
Is
it
possible
to
allow
to
apply
padding
on
these
images
because
it
is
not
taking
the
actual
size?
It
is
not
fitting
in
the
image
like
it
is
get
cropped
for
twitter
and
facebook,
specifically.
A
C
A
Oh
okay,
so
you
okay,
so
so
no,
you
haven't
manipulated
the
logo.
Okay
yeah!
So
it's
really
quick
to
for
us
to
you
know,
cut
a
new
image
that
has
additional
margin
additional
padding.
In
the
background.
A
By
the
background
I
mean
not
the
green
part
of
the
logo,
but
the
the
rest
of
the
image
itself
just
needs
a
little
more.
They
like
to
have
certain
aspect
ratios
and
so
twitter
is
set
to
do
like
a
fill
content
type
thing,
and
so,
if
the
image
doesn't
isn't
in
of
the
dimensions
of
the
aspect
ratio
that
they
like
or
not,
I'm
sorry
that
they
like,
but
that
they
use.
Then
then
your
image
will
spill
over
it
like
ours
is
so
we
need
it
to
be
a
little
taller
than
it
is
wider.
C
And
so
yeah,
but
like
I
tried
to
manipulate
image
once,
but
it
is
not
working
like.
I
tried
the
exact
same
direction
that
is
offered
by
twitter,
which
is
1200
into
630,
but
it
is
not
working
here
and
I
also
added
some
padding
to
the
logo
as
well.
A
Nice
yeah
yeah
there's
somebody
else
on
the
call
that
has
had
some
trouble
with
sizing
images
for
okay,
yeah
yeah
cool,
hey
I'll
I'll
go.
Do
you
know
what
the
dimensions
are?
I.
D
A
I'm
sorry
remind
me,
did
we
say
we
wanted
the
image
with
or
without
the
word
nighthawk.
G
A
B
Okay,
so
the
next
topic
is
by
siddharth
who's
on
the
caller.
C
Yeah
hello,
can
you
guys
see
my
screen
now.
C
We
just
yeah
yeah
yeah,
so
abhijee
assigned
me
this
task
so
and
in
this
task
I
had
to
like
optimize
the
images
which
are
present
in
the
community
section
of
layer
5
website.
So
the
like,
there
is
a
image
corrosion
and
I
had.
C
Yeah,
so
I
had
to
optimize
these
images,
so
I
used
some
plugins
gatsby
image
plugin
and
what
happened
after
optimizing
these
images,
some
of
the
images
kinda
got
cropped
out
from
top
and
bottom,
so
I
have
no
clue
how
to
like
solve
it.
I
can
show
you
like
how
it
looks.
C
So
most
of
the
images
are
working
perfectly,
but
give
me
a
second
like
this
google
summer
of
code.
This
image
is
cropped
out
from
top
and
bottom,
so
there
are
some
couple
of
images
which
are
getting
cropped.
So
I
like
this
image,
also
like
it,
is
getting
cropped
from
top
and
bottom.
I
tried
to
fix
it
using
css
properties
like
I
use
bunch
of
css
properties
so
that
it
could
get
contained
inside
a
wrapper
but
turns
out
like
after
optimizing.
E
I
asked
it
around
in
gatsby
community
about
the
image
dropping
it.
We
are
also
facing
it
in
the
books
yeah
book
stage.
They
are
saying
that
it
might
be
a
single
image
issue.
They're
also
they're,
also
not
sure
about
that,
because
in
a
slider
of
four
there
is
only
one
image
which
is
cropping
out
so
yeah.
C
Yeah,
even
I
tried
to
like
like
find
a
solution
once
I
dropped
this
question
and
asked
in
the
discard,
gatsby
official
discord,
community
and
cto
ins
itself
commented
on
my
query
and
he
suggested
me
to
fix
the
resolution
before
optimizing
optimization
and
I
tried
to
figure
out
how
to
fix
the
like
set
up
the
resolution
part,
but
I
couldn't
able
to.
A
Just
as
a
quick
recap,
the
you're
trying
to
make
some
performance
improvements
by
ensuring
that
the
the
file
size
of
each
of
the
images
loads
with
as
high
quality
as
possible,
but
also
as
quickly
as
possible.
In
doing
so,
your
you
know
we're
relying
on
the
plug-in
to
help
with
that
part
of
what
you're
finding
is
that
the
images
don't
quite
fit.
That's
what
you're
saying
some
of
them
one
or
two
of
them
get
cropped
yeah.
H
A
Yeah
yeah,
it
just
has
to
do
again
with
the
exact
kind
of
issue
that
we're
facing.
We
were
just
talking
about
it.
It's
about
aspect
ratio,
I
mean,
if
you
think
about
it,
like
it,
wouldn't
really
yeah
see
right
there
on
the
right
hand,
side
where
this
head
well.
Okay,
so
you
know
you
see
how
the
right-hand
side
arrow
is
off
and
there's
extra
margin
on
the
right-hand
side,
okay,
yeah
that
may
or
may
not
have
anything
to
do
with
aspect
ratio.
A
Some
of
that
might
have
to
do
it
might,
but
it
also
might
have
to
do
with
just
the
the
rest
of
the
css
around
this.
A
You
know
around
the
container
that
contains
the
carousel,
also
the
carousel
itself
on
whether
or
not
it's
resizing,
but
to
the
extent
that
it
doesn't
necessarily
feel
like
did
it
to
the
extent
that
someone
else
has
suggested
that
maybe
the
size
of
the
images,
the
the
aspect
ratio,
which
means
like
how
tall
it
is
versus
how
wide
it
is
yeah,
yeah,
yeah
that'll,
definitely
throw
anything
off
unless
it's
set
to
either
like
overfill
like
spill
over
content
or
under
fill.
A
Or
what
have
you
like,
then
like
see
right
there
that
that
picture,
if
you
go
back
one
okay
to
the
istio
up
and
running
so
so
it's
quite
a
tall
image.
If
you
can
you
press,
can
you
do
okay?
So
if
we
okay,
all
right
so
do
you
guys
see
the
up
the
chevron
that
is
the
up
arrow
in
the
lower
right
hand
corner?
Doesn't
that
look
strikingly
like
it
fits
very
well
in
the
margin
there?
Maybe
because
maybe
it's
having
an
effect
and
bumping
over
the
carousel
potentially
is
another
potential
possibility.
A
Do
we
still
have
the
same
margin
issue
these
doing
these
couple
of
tests
can
tell
you
like
hey
it's
an
aspect
ratio
issue
with
the
images
that
are
in
the
carousel
or
it's
not
in
like
more
because
of
the
results
of
what
just
happened.
It's
like!
Maybe
it's
not
having
to
do
with
the
aspect
ratio
of
the
image,
because,
because
it's
okay,
actually
another
way
of
testing,
is
reduce
the
width
by
a
three-quarter
by
a
quarter.
So
have
it
like
three-quarters
of
the
width
of
what
you
have
it
right
now?
A
A
A
Yeah,
I
I
my
money
is
on
that
chevron
that
that
top
button
being
the
issue
seems
like
it's
probably
I
don't
know,
maybe
not
like
it.
Overlaps
see.
If
you
s,
if
you
position
the
chevron
right
in
the
middle
of
the,
if
you
go
up
just
a
little
bit,
yeah
right
there,
yeah,
okay,
the
fact
that
it's
overlapping
okay,
maybe
there's.
B
D
So,
like
ask
for
the
latest
reports
of
inside
only
the
only
issue
that
we
have
as
a
problem
like
the
major
issue,
is
unwanted
javascript
loading
and
those
two
are
affected
by
two
major
libraries,
which
are
one
of
them
being
our
measuring
box
diagram
and
the
other
one
being
the
srl
image
data.
D
D
I
just
noticed
that
so
that
was
also
updated
in
the
appear,
though,
it's
that
yes
get
too
much
and
the
other
one
is
limiting
this
component
to
the
pages
only
where
it
is
used,
but
so
this
weekend
I
did
something
and
unfortunately
how
gatsby
work
is
it's
clearly
packages
or
the
like.
Webpack
is
used
as
the
mediator
to
create
the
package
or
the
scripts,
which
would
be
load
for
the
page
and
by
default,
since
it's
a
static
site,
all
the
ships
are
loaded
together
on
the
home,
page
etc
by
default.
D
If
we
are
not
lazy
loading
it
so
in
case
of
our
website,
we
don't
until
react
18.
We
don't
have
react
easily
supported,
so
we
don't
have
the
feature
of
vrcleave,
but
there's
another
option
that
is
loadable
console
and
galaxy
provides
the
plugin,
which
is
cat,
reloadable,
loadable
component
ssr
for
server
side
rendering.
D
D
So
in
the
last
one
like
I
tried
to
use
that
plugin
and
was
failing
and
getting
a
compilation
issue.
So
if
anyone
has
time
and
want
to
try
it
out.
A
Little
hard
to
hear
I
was
trying
to
keep
up.
I
I
think,
for
my
part,
I
think
I
got
the
gist
of
what
you
had
said.
Can
you
repeat
the
last
part
of
you
had
said
hey
if
anyone
has
any
time.
D
So
this
the
plugin,
which
I
mentioned
in
the
chat
that
is
used
to
load
the
components
when
it's
needed
by
that
particular
page
or
when
the
viewport
is
in
that
particular
page.
D
But
unfortunately,
when
I
tried
to
use
that
plugin
our
project
in
layer
56
and
try
to
come,
build
the
site
locally.
It
was
feeling
so
I've
added
that,
like
I've
commented
it
in
the
respective
repo
of
that
plugin
like
there
was
an
issue
related
to
it.
Some
time
ago
they
made
a
new
lease
and
supposedly
that
should
have
been
fixed,
but
that's
still
reproducible.
D
A
B
D
D
A
Yeah
I'll
I'll
look
now.
D
For
layer
fiber,
we
asked
for
okay,
so
the
thing
is
in
our
current
site.
We
in
the
for
the
pages.
We
are
not
getting
the
experience,
header
experimenters,
which
would
block
the
user
to
use
our
page
as
an
iframe
in
their
effect
this.
D
If
one
can
do
so,
then
that
would
allow
click
checking
issue
like
allowing
someone
to
use
our
site
as
a
dummy
image
in
their
own
site,
so
that
someone
could
hack
your
machine
or
do
some
other
stuff
which
you
are
not
interested
in,
so
that
would
but
using
x
parameters
that
could
be
avoided.
But
again
that
brings
us
to
the
issue
that,
since
we
are
using
data
pages,
we
can't
control
the
diversion.
A
Yeah
I
mean
like
the
yeah,
the
individual
that
sent
in
the
clickjacking
security
concern
is
doing
what
a
lot
of
people
do,
which
is
looking
to
build
up
a
resume
of
having
sent
in
security
issues,
and
it's
just
like
that's
never
going
to
affect.
We
don't
ask,
we
don't
really
ask
anybody
for
yeah,
we
do
a
there's,
nothing,
we
can
do
about
it
b.
It
ain't
ever
gonna
happen
c
is
wasting
our
time.
A
I
don't
know
it
like
and
let
unless
you,
unless
you
guys
see
it
differently
unless,
like
like,
I
just
I
don't
I
don't
see
anyone,
we
don't
ask
anyone
like
the
big
okay,
so
with
click
checking
and
with
the
type
of
click
checking
that
is
being
reported.
A
On
layer5.io,
then,
there
might
be
incentive
to
try
to
click
jack,
to
try
to
trick
our
users
into
filling
in
their
credentials,
sensitive
info
and
then
and
trying
to
steal
it.
I
mean
today
we
just
there's
none
of
that
going
on
other
than
someone
typing
in
an
email
address
into
a
form
and
there's
like
zero
incentive
for
anybody
to
actually
come
and
try
to
click
jack,
us
plus
the
resolute.
So
the
probability
is
quite
low.
A
The
severity
is
quite
low
and
then
our
ability
to
do
anything
about
it
in
it
at
the
moment
is
nil.
So
it's
like
now
having
said
that,
as
we
look
toward
the
learning
paths
and
we
look
to
have
people
log
in
so
they
can
track
their,
so
they
can
keep
track
of
their
bookmarks,
so
they
can
keep
track
of
maybe
quiz
answer,
quizzes
and
quiz
answers
that
they've
asked
and
that
they've
answered.
A
And
maybe
whether
or
not
they've
received
a
certificate
of
completion
or
certificate
for
the
knowledge
that
they've
gained,
but
there's
a
little
more
incentive.
That
particular.
A
The
same
authentication
service
that
that
we
run
to
allow
people
to
sign
in
to
measure
that's
probably
the
same.
It's
it's
a
small
golang
program
that
was
written
here
so
that
we
control
it
runs
in
a
super,
tiny
vm
on
aws
and
and
so
we
can
take
and
redirect
this
click
jacking
concern
to
that
I
mean
that
would
be
my
suggestion.
A
A
A
That's
because
this
system
isn't
meant
for
general
purpose
login.
It's
meant
for
mesh
a
mesh
reservoir
instance
semester
ui
instance
to
initiate
a
login
request
and
when
it
does,
it
passes
along
certain
certain
query,
string
parameters
and
since
those
are
missing
so
anyway,
so
we
don't.
We
don't
really
have
a
click.
Jacking
we're
not
really
vulnerable
to
click
jacket
because
there's
nothing
to
jack
and
then
so
that
sets
that,
aside
for
our
current,
you
know
site
moving
forward
as
we
have
the
ability
to
sign
in
it's
like
yeah.
You
know,
okay,
this
is
good.
A
This
is
actually
we
have
a
remind.
We
have
a
healthy
suggestion
up
front
that
we
should
make
sure
that
our
server
is
setting
these
x-frame
headers.
So
one
thing
that
we
could
test,
I
think
I
think
right
now
is.
If
we
were
to
look
at
the
page
source
on
this
page
is
in-
and
you
know,
is
it
setting
those
headers
and
and
if
not,
this
is
a
good
place
to
address
it
or
we
can
address
it
up
front.
I
should.
A
Nikhil
now
the
solution,
a
question
for
you
in
case
you
know
the
the
solution
here
needs
to
be
performed
server-side,
because
otherwise,
if
it
was
just
client-side,
you
could
hack
around
that
or
hackers
could
get
around
that
setting.
So
the
setting
needs
to
come
from
the
web
server
from
the
server
that's
serving
the
pages
so.
A
So
good
so
there's
so
nikhil
and
deborah
priya
are,
I
think,
the
only
two
people
on
the
call
at
the
moment
that
have
access
to
that
server,
because
they're
lifers
here
so
they
have
access
to
like
everything.
A
A
Does
that
make?
Does
that
make
sense
to
everybody
like
you
know,
quickjacking
to
me?
It's
not
not
being
security
focused,
you
know
it's
something
that
I
had
to
go
look
up
to
just
sort
of
see
the
details
of
what
might
go
on
and
it's
you
know
more
or
less
like
a
form
of
a
man-in-the-middle
attack,
which
is
to
say
with
iframes.
A
A
You
can
display
one
web
page
inside
of
another
web
page
basically,
and
so
what
nikhil
was
describing
just
to
describe
clickjack
just
for
everyone
to
get
something
out
of
the
last
eight
minutes
of
me.
Droning
on
click.
Jacking
is
essentially
a
man-in-the-middle
attack
and
someone
correct
me
if
I
get
this
wrong,
but
it's
a
man
in
the
middle
of
attack
in
which
a
visitor
would
go
to
a
url.
You
know
they
would
visit
a
url
unbeknownst
to
them.
There
would
basically
be
an
iframe,
that's
transparent,
that's
sort
of
invisible
to
them.
A
That
is
sit
more
or
less.
You
know
essentially
sitting
on
top
of
the
real
site
that
you're
visiting.
So
since
it's
transparent,
you
basically
see
the
real
site
and
you
click
through
it.
You
type
you
type
into
it,
you
do
it
you,
normally
you
know
to
a
user,
it's
transparent
but
unbeknownst
to
them,
because
there's
this
like
transparent,
iframe
sitting
in
between
their
keyboard
and
their
mouse,
that
other
that
iframe
is
able
to
capture
keystrokes
and
mouse
clicks
and
basically
capture
sensitive
info
in
that
way.
A
A
All
right,
so
mesherie
is
made
up
of
many
components:
the
way
that
we
package
the
core
of
mesherie.
You
know
the
meshri
server
meshri
ui.
A
Those
are
that's
generally
packed
packaged
into
the
same
container
image,
and
then
we
have
individual
container
images
for
meshrey's
adapters.
Another
component
is
the
is
meshri
cloud,
which
is
it's
a
it's
a
remote
provider.
A
Ask
you
to
log
in
this
is
the
first
page
that
you
see
when
you
pull
up
your
meshre
interface
you're.
Actually,
you
know
you're
sitting
at
this
url
slash
provider,
which
is
to
say
that
that
mescheri's
rest
endpoints
meshes
rest
based
api
server
and
mescheri's
graphql
based
api
server.
They
both
have
all
of
their
api
endpoints
protected
because
measury
when
you're
running
when
it's
administrating
your
your
clusters,
it
has
a
lot
of
power,
has
a
lot
of
access
to
your
cluster.
A
So
you
want
to
you
want
to
protect
those
endpoints
so
that
someone
doesn't
you
know
some
nefarious
actor,
doesn't
use
meshri
to
delete
a
service
mesh
or
delete
your
cluster
or
that
kind
of
thing.
So
almost
all
of
the
measuring
server
endpoints,
which
are
either
one
of
two
things:
it's
either
a
rest,
endpoint
or
a
graphql
point
they're
all
protected,
except
for
like
one.
I
think
just
one
is
open
and
you
can
actually
go
to
it
by
slash
api.
A
You
can
you
can
hit
it
at
slash
api
system,
slash
version,
so
I
haven't
offed
to
the
system
yet
and
I'm
running
in
a
private
browser
window,
which
means
I
don't
have
a
cookie
or
an
active
token
I
haven't
authenticated.
A
If
I
go
to
api
system,
slash
version,
we
just
get
back
a
small
json
blob
that
says
a
bit
of
info
about
mesh
reserver
about
the
system
in
its
version,
so
the
build
number
of
measures,
here's
the
build
number,
here's,
the
here's,
the
current
build
that
I'm
running.
Here's
the
latest
build
that's
out
there.
A
It's
saying
that
it's
saying
it's
outdated!
Wait!
Oh
okay,
am
I
outdated?
Am
I
running
an
old
server
and
saying
no
you're,
not
you're
running
the
latest?
Okay,
I'm
the
anyway!
Well,
I
don't
need
to
explain
all
this
stuff
I
just
anyway.
The
point
is:
is
like
everything's
protected,
except
this
endpoint.
This
endpoint
isn't
protected,
because
if
you
want
to
run
something
like
measuring
ctl
version
like
without
having
logged
into
your
system,
you
wouldn't
be
able
to
to
run
something
like
this.
Unless
this
is
unprotected
so
meshrictl,
it's
just
another
rest
api
client.
A
Like
performance
profiles,
this
is
auth,
so
I
have
so.
This
client
has
a
token
that
it's
using,
that
is
that
this
client
is
separately
authenticated,
which
is
kind
of
interesting
right.
This
client
is
not
authenticated
because
it's
a
private
session,
okay
anyway,
I
digress.
I
digress
all
right
so
so,
if
you
go
when
you,
when
you
go
sign
in
this,
is
measuring
cloud,
this
is
a
remote
provider.
A
So
there's
a
lot
of
details
about
this
that
are
in
the
community
drive
as
well
as
some
of
these
are
in
the
docks
themselves.
So
what
just
happened
is
when
I
clicked
when
I
chose
a
provider.
If
I
go
back
so
from
here,
I
choose
a
provider
I
get
redirected
to
wherever
that
provider
is
hosted
in
this
case,
meshrie
cloud
as
a
provider
is
hosted
at
mestre.layer5.io
now,
because
my
request
came
from
meshre
server
from
mastery's
ui
right
there.
It
also
included
some
of
those
additional
query
string
parameters
that
I
was
referring
to.
A
So
it
has.
It
has
this
login
challenge,
which
is
you
know,
which
is
specific
to
measuring
and
necessary,
because
the
meshri
cloud
it
expects
to
see
a
challenge.
A
Otherwise,
today
it
will
just
respond
with
that
error,
saying
you
know,
there's
a
mish
mesh
right,
there's
a
a
mismatch,
so
mesh
recloud
is
a
system
that
has
three
components:
has
a
small
go,
laying
cert
there's
some
diagrams
of
this,
but
you
know
too,
but
there's
a
small
golang
server
super
tiny
golden
that
the
google
link
server
is
serving
up
this
web
page
and
it's
facilitating
connectivity
to
any
of
these
identity
providers.
So
mesherie
cloud
is
not
an
identity
provider,
it
is
not,
it
does
not
say.
A
Oh,
you
could
also
use
your
email
address
and
then
create
your
own
local
account.
That's
specific
to
mesri
cloud
like
it
doesn't
give
you
that
option,
because
it's
not
a
an
identity
provider.
It's
just
facilitating
the
transaction
for
authenticating
you
with
other
popular
identity
providers,
part
of
how
it
does
that
is.
It
runs
another
component
called
hydra
well
hydra
from
ori,
which
is
an
open
source
project.
A
Ory
hydra
hydra
is
an
open,
auth.
Two
point
and
oauth
2.0
compatible
open
id
compatible
hydra
is
an
2
open
id
connect
provider,
in
other
words
an
implementation
of
oauth
2,
and,
and
so
it
helps
so
so.
There's
another
component
that
we're
using
that
helps
facilitate
some
of
the
complexities
of
like
interac
of
doing
the
oauth
2
exchange
and
the
open
id
exchange.
So
so
that's
the
second
component
inside
of
measured
cloud,
and
so
as
I
when
I
click
here,
part
of
hydra
will
come
into
play
like
it's.
A
It's
beginning
to
facilitate
now
the
transaction
between
this
interaction
between,
in
this
case
twitter
and
and
so
now,
I'm
interacting
if
you
notice,
I'm
at
api.twitter.com.
So
now
I've
been
redirected,
my
user
is
interfacing
with
twitter.
Twitter
is
going
to
say
the
the
credentials
that
you're
providing
are
either
correct
and
you
are
who
you
say
you
are
or
not,
and
since
those
are
correct,
twitter
will
respond
back
to
measurey
cloud.
A
Saying
yep.
This
person
is
is
good
to
go
meshri
cloud
that
hydra
component.
It
will
generate
a
new
jwt
token
because
yeah,
because
what
it
was
looking
for
from
twitter
was
just
I
don't
know
who
these
credentials
are.
You
do.
Are
these
accurate?
Yes
or
no?
Yes,
they
are
okay,
I'll
generate
a
new
token.
A
This
person-
you
know
this
user
is
saying,
is
who
excuse
me
is
who
twitter
says
they
are
right
and
then
without
the
user,
knowing
really
like,
then
after
the
token
is
generated,
mesh
recloud
that
golang
server
redirects
you
back
to
your
original
local
measuring
ui.
So
I'm
all
of
a
sudden,
I'm
back
at
localhost
that
whole
transaction
is
diagrammed
and
kind
of
separate,
but
okay.
So
then,
now
there's
every
time
that
I
go
to
interact
with
any
of
the
apis
being
served.
A
I
have
a
valid
authentication
token
and
can
nav
through
the
system,
the
third
component
to
measuring
class.
So
so
the
third
component
is
measuring
cloud.
Is
a
small
postgres
database.
It's
a
really
small
postgres
database
that
just
tracks
keeps
track
of
stuff.
That
goes
on
so,
to
give
you
one
more
so
measuring
cloud
that
small
little
golang
server
it
just
has
like
it
has
like
six
web
pages,
or
so
it's
pretty
small
and
some
of
those
have
to
do
with
just
there's
a
back
end
admin
section.
A
And
since
we're
streaming
to
youtube
I'll,
just
I'll
show
some
generic.
I
won't
show
these
other
two
areas,
but.
A
But
some
statistics
about
the
rate
by
which
or
the
number
of
events
that
are
occurring
in
measuring
cloud
so
like
from
the
time
that
we've
been
running
it,
how
many
people
have
like
have
signed
up
how
many
people,
how
many
times
have
raised
test
results,
been
published?
How
many
times
have
people
logged
in
so
there's
kind
of
these
four
statistics,
logins
performance
test
results,
conformance
test
results
and
individual
signups
and
so
there's
different
ways
of
looking
at
it.
But
this
is
just
an
accumulative
graph
of
of
that
over
time.
A
So
an
interesting
stat
to
look
at
is
like
just
over
the
last
couple
of
years
how
many
people
have
signed
up
so
back
in
march
of
2019.
There
were
about
three
for
that
month
and
there
were
20
for
the
next
one,
you
kind
of
so
today,
just
for
mastery
cloud
itself,
there
have
been
about
almost
1200
people
who
sign
in
so
that's
good.
A
It's
good!
There's
one
thing
to
look
at:
let's
reduce
the
width
of
this
so
that
the
curve
looks
nicer
there.
We
go
look
at
that.
That's
amazing!
A
Okay,
anyway,
there's
a
different
whoa.
Look
at
that
there's
a
different
one
here.
This
login
is
actually
mislabeled.
A
It's
not
login
as
much
as
it
is
anytime
that
you're
inside
of
measuring
cloud
and
you're
sort
of
refreshing
the
screen
or
going
to
a
different
screen
that,
if
you're
signed
in
to
mesh
recloud,
which
some
users
sign
in
and
some
don't-
and
I
don't
know
what
percentage
of
the
difference
that
is,
then
this
is
just.
It
keeps
track
of
all
the
events
like
how
many
times
that
that
happens,
and
so
yeah
anyway.
A
A
A
Okay,
so
anyway,
in
order
to
set
the
x-frame
headers,
there's
a
small
golang
program
that
we
would
that
that
uses
similar
frameworks
as
to
what
mesh
reserver
does
so,
I
think
gorilla
is
used
as
a
framework,
not
that
that
would
be
where
that
header
would
have
to
be
set.
But
it's.
A
Wait
so.
D
A
And
so
then
measuring
cloud
like
oh
well,
maybe
we
start
to
call
it
something
else
like
or
because,
because
it
has
multiple
purposes,
then
it's
not
just
for
authenticating,
too
meshri,
but
there's,
but
it
makes
I
think,
some
decent
sense
that
we
would
use
the
same
auth
system
and
not
separately
run
one
auth
system
for
an
account
over
at
mesri
and
one
author
system
for
an
account
over
on
the
learning
paths
like
one,
because
we
have.
A
A
Like
this,
you
go
to
you
go
to
your
local
host
of
your
local
meshery
server
and
I
just
opened
a
private
browsing
window,
so
it
doesn't
have
a
cookie
like
it
doesn't
have
an
authentication
token.
It's
not
presenting
my
client.
My
web
client
is
not
presenting
one,
so
measuring
server
says:
wait,
you're,
not
authenticated!
A
I'm
going
to
block
you,
I'm
going
to
stop
you
out
here
on
slash
provider
and
so
to
answer
nikhil's
question:
it's
like
okay,
so
slash
provider.
This
small,
like
there's
mesh,
reui
and
nikhil,
is
very
aware
of
this.
I'm
just
but
like
as
you
tie
all
these
pieces
together,
there's
measuring
ui
as
a
a
web
app
and
then
a
separate
web
app
provider.
A
The
the
reason
the
primary,
like
maybe
we
can
consolidate,
but
the
primary
reason
for
this
separation
is
that
base.
Basically,
all
the
input,
basically
anything
that
measure
ui
wants
to
serve
up
needs
it's
going
to
require
that
there's
a
token
present
and
mesri
the
slash
provider.
Ui
intentionally,
is
very
super
small
and
it
doesn't
require
a
token.
It
just
facilitates
choosing
one
provider
over
the
next
and
so
to
answer
in
the
kills
question.
A
It's
like
okay,
in
the
moment
in
which
you
choose
one
provider
over
the
next,
the
provider
ui
will
pass
along
like
will
redirect
the
user
to
their
selected
provider,
and
it
will
also
add
on
additional
info
like
what's
the
like.
What's
the
ver
it'll
format
that
query
with
additional
info,
and
so
the
specifics,
the
the
the
even
more
specifics
to
answer
that
question
are
like
under
here
in
provider
ui
and
then
looking
at
the.
A
End
point
that
it
has
for
so
this
provider
component
js.
When
someone
makes
that
selection
like
we
would
kind
of
river,
we
would
sort
of
look
back
through
okay
well
when
they
make
that
selection.
What
internal
endpoint
is
being
called,
and
then
we
go
look
at
that
golang
and
look
at
like
what
additional
like
query
string
info
like
what
else
is
it
passing
along.
A
A
I
I
assume
that
there
I
can't
remember,
like
I
assume
that
there's
golang
involved
in
terms
of
not
just
redirecting
straight
from
javascript,
but
it
might
be
straight
from
java.
Javascript
too.
D
H
A
A
Yeah
one
of
the
things
that
was
that
piyush
singuria
is
recent,
is
he
has
an
open
pull
request
on
is
this
is
to
stop
this
behavior,
the
behavior,
where,
if
you
don't
have
the
appropriate
query,
string
that
you'll
get
this
you'll
get
this
response
he's
removing
that
the
primary
reason
that
we
had
this
in
the
past
was
because
at
one
point,
mesh
tree
cloud
and
mesherie
server
had
different
capabilities
and
at
one
point
their
versions
were
they
behaved
in
an
incompatible
way,
and
so
we
wanted
to
make
sure
that
way.
A
This
is
like
a
year
and
a
half
ago
that
if
people
had
mismatched
versions
that
they
were
presented,
they
weren't
just
given
an
error
that
they
were
given
some
information
about
what
to
do,
and
so
it's
hardcoded
in
here
and
it
might
be
in
this
string.
I
don't
know
it's
hard
coded
in
here
that.
A
It
does
a
version
check
to
see
what
version
of
mesh
re
server
you're
running
and
and
it's
it's
like
a
year
and
a
half
old.
We
we
don't
need
to
worry
about
the
compatibility
anymore,
they've
been
compatible
for
a
long
time.
We
need
to
remove
this
check
so
that
as
a
next
step,
what
people
would
see
is
they
would.
They
would
basically
see
not
this.
They
would
see
this
whether
they
came
from
measure
ui
or
not,
and
we
need
to
start
to
okay,
fine
and
then,
as
a
next
step.
A
A
Yeah,
it's
it's
an
intriguing.
It's
an
intriguing
set
of
interactions
too,
just
for
the
oauth
2
flow
and.
A
B
Yeah
I'll
bring
this
up
in
the
next
call.
There
was
one
small
thing
again
based
on
the
paid
speed
reports
that
some
images
don't
have
an
explicit
width
and
height,
so
I'll
create
issues
for
that.
So
this
is
basically
serve
two
purpose.
One
is:
it
maintains
the
aspect
ratio
even
in
smaller
screen
sizes
and
the
second
is
related
to
the
accumulated
cumulative
layout
shift.
So
basically
it
doesn't
hinder
the
pick
the
display
of
whatever
is
on
the
kids
too
much.
A
A
It's
always
been
my
experience
that
you'd
all
so
long
as
you
only
define
width
or
height
as
something
it's
not
if
you're
specifying
it
other
than
just
100
or
auto.
You
could
specify
them
both
as
100
or
both
of
them
as
auto
and
you're,
probably
fine
in
terms
of
aspect
ratio
being
maintained,
but
I've
found
that
if
you
specify
them
both
statically
and
do
re
you
and
do
resizing
of
the
browser
that
it's
then
that
you
can
find
yourself
like
if
you're
just
specifying
one,
it
will
make
sure
that
one
yeah
someone.
B
G
B
So,
basically,
in
the
image
tag
itself,
we
just
add
suppose
with
200,
that's
all
and
hide
height
100,
so
that
will
maintain
the
2
is
to
1
ratio
like.
That
is
what
I
think
we
don't
specify
pixels
or
rams
like
we
don't
give
the
unit
and
it's
the
ratio
that
we
specify,
and
that
is
how
it
is.
B
Basically,
the
problem
which
people
have
done
like
which
you
were
talking
about
is
in
the
css.
They
give
width
equal
to
100,
pixel
and
height
equal
to
200
pixels,
that
that
is
the
problem,
that
is
when
it
gets
restricted
to
200
pixels.
Even
in
the
mobile
view,
this
is
a
little
different.
This
is
not
the
specific
bits
that
you
get.
B
I'll
I'll
probably
create
like
give
an
example
when
I
created.
A
Yeah,
no,
no
seriously,
it's
always
confused
me,
but
like
that
behavior
that
I've
said
is
true,
but
it's
always
been
to
me.
It's
always
been
confusing
like
like,
if
you're
specifying
200
pixels,
100
pixels
like
you're,
specifying
you
want
this
like
you're,
specifying
not
only
the
the
size
but
you're,
also
like
locking
in
the
aspect
ratios.
So
then
why?
A
When
you
resize
things,
does
that
get
wonky
like
that's
always
been
a
question
mark
in
my
mind
and
if
I'm
understanding
correctly-
and
this
is
in
part,
why
I'm
writing
it
down
because,
like
one
way
of
yeah,
it's
kind
of
a
weird
thing
like?
If,
if
you
don't
specify
unit,
you
know
unit
of
measure.
B
D
A
If
you
don't
specify
a
height
or
width,
what
would
you
anticipate
the
behavior
to
be
probably
a
hundred
percent
like
behind
the
scenes?
What
is
it
sort
of
interpreting
itself
as
anyway?
So
my
point
is
like,
if
you
don't
explicitly
specify
there
may
be
behavioral
differences
between
when
you
do
specify
a
unit
of
measure
and
when
you
don't,
even
though,
like
behind
the
scenes
it
defaults
to
px,
there
might
still
be
another
behavior.
That's
present
as
well.
B
Basically,
how
I
came
up
with
this
was:
I
was
looking
at
lazy
loading
of
images
and
videos
so
over
there
one
problem
that
happens
is
suppose
it
loads.
After
a
long
time,
if
you
don't
have
that
space
occupied
for
the
image
it
comes
in
all
of
a
sudden,
so
that
was
what
the
reports
were
saying.
So
that
is
why
I
looked
into
this
and
I
like,
based
on
what
I've
read
I
that
was
what
I
was
telling
right
now.
B
B
Anyone
I'll
have
anything
else
to
say
any
other
questions.