Category Archives: Web Design & Development

Cookies Not Saved In Internet Explorer for Facebook iframe Apps

I’m making a Facebook game using Django and was having a problem with Internet Explorer.

The Problem: After login the page would render correctly as if the user was logged in, but when navigating to another page it was as if the user wasn’t logged in. Upon investigation I could see that the cookies weren’t being saved.

The Solution: A quick Gogole search brought me to this blog post: IE Blocking iFrame Cookies. It’s an easy to fix P3P issue, and the author describes how to add the necessary header for various languages/frameworks.

Rather than add the header to each Django view or write custom Django middleware, I just added the header to my Apache configuration. The following goes in your VirtualHost Directive:


In order to work you have to enable mod_headers (run “sudo a2enmod headers”).

CSS Meta Languages and Compilers

So, I’ve finally decided to add a CSS framework into my workflow, namely Blueprint. I’m not very skilled when it comes to graphic design (though I’m trying to learn) and the CSS frameworks out there give you some nice looking web pages. The only problem is they require you to add extra classes to each HTML element you want to use them with. The whole point of CSS is you can modify it without changing your markup. If I could set an id for each element (#content, #footer) and have each id style definition simply inherit the CSS framework classes I want to use my problem would be solved, but that can only be done using a CSS meta language and compiler.

I was looking at django-css, a project which would integrate CSS compilation into my Django projects, and it mentioned 4 popular languages: HSS, Sass, CleverCSS, and LESS.

Here’s a spreadsheet comparing the features:

I think SASS is by far the most popular. I’m secretly rooting for it, since it’s probably in higher demand and would therefore be a more valuable skill to have, though it would be awkward introducing Ruby dependencies in a Python project.

The main reason I want to use a CSS meta language is for the inheritance. When looking at the documentation for CleverCSS I couldn’t see any inheritance implementation, which is a shame because it’s the only one implemented in Python and would’ve been easier to integrate into my Django project.

HASS example:

var nomargin = { margin : 0px; padding : 0px; }

pre {
    color : #FF0000;


The inherited styles can’t be a normal CSS class, so this can’t be used to inherit classes from a CSS framework.

SASS Mixin example:

@mixin table-base {
  th {
    text-align: center;

    font-weight: bold;
  td, th {padding: 2px}

@mixin left($dist) {
  float: left;
  margin-left: $dist;

#data {
  @include left(10px);
  @include table-base;

The inherited definition needs to be declared as a mixin, and I’d rather not modify any CSS frameworks. There is a project called Compass that provides CSS frameworks rewritten in SASS, but I’d rather not add yet another dependency into my project, especially a Ruby one (nothing against Ruby, it’s just undesirable within the context of a Python project).

SASS Inheritance example:

.error {
  border: 1px #f00;
  background: #fdd;
.error.intrusion {
  font-size: 1.3em;
  font-weight: bold;

.badError {
  @extend .error;

  border-width: 3px;

Just what I want, but it generates more code than needed:

/* CSS */

.error, .badError {
  border: 1px #f00;
  background: #fdd;


.badError.intrusion {
  font-size: 1.3em;
  font-weight: bold;

.badError {
  border-width: 3px;

LESS example:

.bordered {
  border-top: dotted 1px black;

  border-bottom: solid 2px black;

#menu a {
  color: #111;

.post a {
  color: red;


#menu a {
  color: #111;
  border-top: dotted 1px black;

  border-bottom: solid 2px black;
.post a {
  color: red;
  border-top: dotted 1px black;

  border-bottom: solid 2px black;

Exactly what I need. The documentation says, “Any CSS class, id or element ruleset can be mixed-in that way.” And since it’s written in JavaScript, you can load your LESS files and compile them on the client side, which should make designing and debugging a lot easier. LESS best suits my needs, so it’s the one I’ll be going with.

Update: It turns out LESS doesn’t eliminate the inherited classes, they’re still present in the output. Even so, I still think it best suits my needs.

Update 2: It looks like django-css isn’t being maintained, so you should probably use django_compressor.

Advice from my Experience with OAuth

I recently finished coding the OAuth authentication method for accessing Picasa photos from within Darkroom. Since it was written client side using JavaScript I was trying to be as minimalist as possible, so I wrote my own minimal implementation rather than using a library. I’m sure most developers using OAuth use a library, which is probably why it’s hard to find advice on writing your own implementation, so I thought I’d share some tips, FAQ style.

Use the right documentation.
There’s a lot of outdated docs out there. I frequently find myself at OAuth Core 1.0 Revision A, and it’s such a pretty page and easy on the eyes, but way at the top where you’re likely to miss it is a notice saying it’s obsolete. The notice says to use RFC 5849: The OAuth 1.0 Protocol and, although hideous, it’s up to date and more complete.

How’s the signature algorithm written?
Here’s some pseudo-code:

If you’re writing in JavaScript as well I recommend Crypto-JS.

What’s the format for the timestamp?
It’s just a UNIX timestamp (in seconds).

How do I generate a nonce value?
The OAuth spec just says it’s a random string. I think the Google documentation says something about using a string representation of a 64 bit integer. I had no idea what they were talking about, but somewhere I read you just need to md5 hash a random integer, and it worked for me.

If developing for a Google service, use their OAuth playground.
Their OAuth Playground is a great way to see the process you have to go through and what the requests look like. If trying to authenticate with another provider see if they also have an API test app.

Don’t expect detailed errors.
You’ll be lucky if the response tells you “signature invalid”, but you won’t be told what’s wrong with it. My strategy was to compare my signatures and parameters to those used by the Google Playground; taking values from there that you know are valid and using them to test your code is a good way to debug.

The scope parameter has to EXACTLY match the URLs used in your API calls
In the Google OAuth Playground, selecting “Picasa Web” will input “” for the scope. Note the use of https:// for the protocol. If you make API calls using that URL, it will fail since none of the Picasa services are served over https. If you try to make calls using regular http you will get an OAuth error saying invalid scope. In order for it all to work, you have to use “” for the scope.

Setting up SSL on Apache

While locally testing Darkroom over HTTPS, Firefox gave me the following error: “Error code: ssl_error_rx_record_too_long”. Turns out I’d never configured the Apache instance on my laptop to use SSL.

Once you’ve got the right information it’s really quick to fix. Here’s 2 links that I found helpful:

Generating an SSL Certificate with Apache+mod_ssl
Has the commands you need for generating a self signed certificate.

If while generating the certificate you get the error “unable to write ‘random state'”, you’ll need to chown the .rnd file (sudo chown user:group ~/.rnd) and try again.
I put all the generated files in /etc/apache2/ssl/.

How to get Apache to do both HTTP and HTTPS on one IP address?
Shows the basic Apache configuration needed for HTTPS. To get HTTPS working, I just copied my existing virtual host definition, modified it to use the port 443, and added the SSLEngine, SSLCertificateFile, and SSLCertificateKeyFile directives.

Here’s a copy of my file:

MugTug Darkroom, Online/Offline Photo Editing

For those of you who don’t know, a few weeks ago I joined a project called Darkroom from It’s an image processing application using cutting edge HTML 5 features such as the <canvas> element, localStorage, and application cache, and all the editing (and most of the GUI) is done client side using JavaScript, so it works even without an Internet connection.

Yesterday it was demoed during the Google I/O 2010 Keynote Speech:

There’s currently a development version live, feel free to visit the site and try it out!

Using a Test Database in Django

At Govnex we’re using MySQL on our development machines. It has several advantages, but one of the drawbacks is unittests run slower when not using Sqlite (big ups to MockSoul for posting his benchmarks). The reason for this is when running unittests in Django with a Sqlite database, the database is run in memory (RAM) instead of being written to the disk.

Django only allows you to specify one database, and although a new database is created for unittests, it still uses most of the same settings (auto prepending “test_” to the database name), which means a Django install using MySQL also uses MySQL for unittests.

To get around this problem, I created a file in my project root called containing the following lines:

I then opened my, imported sys, and inserted the following lines at the end of the file:

If one of the command line arguments is “test”, that means a unittest is being run, in which case Django will attempt to import, which will override the database settings and use Sqlite instead. Migrations won’t be an issue, since Django South uses the old syncdb command for generating databases for unittests.

Hope this helps you save some time testing.

Whitespace Management: Use Tabs, Spaces Considered Harmful

At one of my previous jobs I worked on dozens of websites that had been created by other people. I prefer to use tabs instead of spaces when indenting code, and I can get a little OCD sometimes, so every time I edited a file I would do a search and replace to change every 4 spaces to a tab character. I didn’t like the idea of having some files use spaces while others used tabs, so when I wrote a bash script for recursively searching and replacing inside text files throughout an entire directory structure, I added some code that would clean up the white space as well. The actions it performed were:

  • Converting from Windows (“rn”) or Mac (“r” on older versions) end of line encodings to Unix style encodings (just “n”)
  • Removing trailing whitespace from the end of lines
  • Condensing multiple blank lines to single blank lines
  • And most importantly, converting every 4 spaces to a tab character

I had anticipated that this would save some disk space, but I was surprised by how much; after running the bash script, the total size of each website would decrease by 10-50% (that’s not a typo, fifty), and that’s including binary files such as images and PDFs which were unchanged. Think about the impact that has. Every individual whitespace character takes up 1 byte, bytes which have to be stored on disk, loaded into memory, transferred over a network, loaded into the client’s memory, and iterated past when it gets processed by the browser. Whitespace management saves:

  • Disk Space
  • RAM
  • Processing Power
  • Bandwidth

which in turn helps save:

  • Money
  • Electricity
  • the Environment

It also helps you provide a better user experience. When browsing the Internet, I’d much rather download a 5KB HTML file than a 10KB one, since it’ll download faster and render faster.
(On a side note, generally these are all also benefits of writing standards compliant, semantic XHTML with external CSS and JS.)

Another reason I prefer tabs to spaces is, when browsing code it’s easier to tell if the proper levels of indentation are being used. If there’s one space missing or one additional space it can sometimes be hard to tell, but if a tab character is missing it’s very obvious. Also, most text editors allow you to specify how wide a tab character should be displayed, so if one developer likes 8 space indentation width, another likes 4 spaces, and another likes 2 spaces, they can all use the same code containing tabs and configure their respective editors to display the tab character at their preferred width. If you were to use 4 space characters for each indentation level, the developers who like 8 and 2 spaces are forced to use it as well.