Heroku Blog
- Engineering
- Last Updated: April 02, 2024
- Caleb Hearth
Observatory by Mozilla helps websites by teaching developers, system administrators, and security professionals how to configure their sites safely and securely. Let's take a look at the scores Observatory gives for a fairly straightforward Static Buildpack app, https://2017.keeprubyweird.com. Test Scores Test Pass Score Explanation Content Security Policy ✗ -25 Content Security Policy (CSP) header not implemented Cookies ― 0 No cookies detected Cross-origin Resource Sharing ✔ 0 Content is not visible via cross-origin resource sharing (CORS) files or headers HTTP Public Key Pinning ― 0 HTTP Public Key Pinning (HPKP) header not implemented (optional) HTTP Strict Transport Security ✗ -20…
- Engineering
- Last Updated: May 16, 2024
- Damien Mathieu
Kubernetes is a container orchestration system that originated at Google, and is now being maintained by the Cloud Native Computing Foundation. In this post, I am going to dissect some Kubernetes internals—especially, Deployments and how gradual rollouts of new containers are handled. What Is a Deployment? This is how the Kubernetes documentation describes Deployments: A Deployment controller provides declarative updates for Pods and ReplicaSets. A Pod is a group of one or more containers which can be started inside a cluster. A pod started manually is not going to be very useful though, as it won't automatically be restarted if…
- Ecosystem
- Last Updated: January 26, 2018
- Arif Gursel
Need to quickly catch up on this past quarter's announcements? Here are the top three topics to tune in on: The Platform API for Partners provides many official endpoints that allow you to introspect security settings, discover other customer instances of the same add-on, and much more. With the Platform API, add-ons have an OAuth client secret and a number of OAuth authorizations, one token per provisioned add-on; it is only used to authenticate requests to create the scoped tokens and not used to authenticate other requests to the Platform API. Updated password requirements for the add-on manifest go into…
- Ecosystem
- Last Updated: January 24, 2018
- Arif Gursel
The Platform API for Partners provides many official endpoints that the App Info API doesn’t support. These endpoints let you introspect security settings, discover other customer instances of the same add-on, and much more. Platform API for Partners endpoints are also more consistent and “better traveled.” Heroku uses these endpoints internally, and customers also use them directly. With the Platform API, add-ons have an OAuth client secret and a number of OAuth authorizations, one token per provisioned add-on. The OAuth client secret is only used to authenticate requests to create the scoped tokens; it is not used to authenticate other…
- Engineering
- Last Updated: June 03, 2024
- Randall Degges
The following is the story of how Randall Degges created a simple API to solve the common problem of external IP address lookup and how he scaled it from zero to over 10 thousand requests per second (30B/month!) using Node.js and Go on Heroku. Several years ago I created a free web service, ipify. It is a highly scalable IP address lookup service. When you make a GET request against it, it returns your public-facing IP address. Try it out yourself! I created ipify because, at the time, I was building complex infrastructure management software and needed to dynamically discover…
- News
- Last Updated: January 18, 2018
- Camille Baldock
Today, we’re excited to announce a major update to Heroku Postgres with a new lineup of production plans. These plans are the first component of Heroku Postgres PGX, the next generation of our managed Postgres solution. PGX Plans introduce larger database sizes, more generous resource allocations, and a broader set of options to suit your needs and to help your applications scale more smoothly. PGX Plans are generally available as of today, and all new Postgres databases will be created on our latest generation of Postgres infrastructure. Underneath the hood, we've upgraded the CPU, memory, storage, and networking aspects to…
Subscribe to the full-text feed.