I am signing (HMAC) outgoing webhooks to allow users to verify their source, should I also sign outgoing responses?

To allow api users to verify the authenticity of outgoing webhooks, I am using a similar model to slack:

  • Concatenate timestamp and body, HMAC with pre-shared key, add timestamp and HMAC digest to headers.

  • Recipient does the same, and compares to the digest in the header.

I can either implement this exclusively on outgoing webhooks, or I can implement it as middleware that performs this process on both outgoing webhooks, and responses to requests.

Is doing the latter good practice? A good idea?

Does Eyes of the Rune Keeper allow a Warlock to cast other classes’ spells from Scrolls?

The rules for Spell Scrolls state that:

If the spell is on your class’s spell list, you can read the scroll and cast its spell without providing any material components. Otherwise, the scroll is unintelligible.

However, the description of the warlock’s Eyes of the Rune Keeper eldritch invocation (PHB p. 111) states:

You can read all writing.

Therefore, the writing wouldn’t be unintelligible to the warlock (because the warlock can read it). Thus, if a warlock were to be able to perform any verbal or somatic components for a spell on a spell scroll, could they cast it even if it wasn’t on the warlock spell list?

Does a Hexblade Warlock’s Hex Warrior feature allow them to use Thirsting Blade on a non-pact weapon?

My question is, Can I use Thirsting Blade with my non-Pact weapon?

Example, I have a +3 Magic Longbow that I used the Pact of the Blade ritual to transform it into my Pact Weapon. (I can Only pull this now when I summon it and can’t get a sword)

I can use the Hex Warrior to channel my will through 1 weapon I touch to use my Charisma Modifier for the attack and damage rolls. (once per long rest)

Would I still be able to attack twice when taking the attack action with the Sword even though it’s not my Pact Weapon?

  • The Hex Warrior feature says (XGtE 55-56) :

    The influence of your patron also allows you to mystically channel your will through a particular weapon. Whenever you finish a long rest, you can touch one weapon that you are proficient with and that lacks the two-handed property. When you attack with that weapon, you can use your Charisma modifier, instead of Strength or Dexterity, for the attack and damage rolls. This benefit lasts until you finish a long rest. If you later gain the Pact of the Blade feature, this benefit extends to every pact weapon you conjure with that feature, no matter the weapon’s type.

  • Thirsting Blade, PHB 111

You can attack with your pact weapon twice, instead of once, whenever you take the Attack action on your turn.

How to allow single quote with esc_html__() without sprintf()

Because of security reasons we are of course required to use esc_html__() for WP development. This is annoying because if you’d want to pass a single quote into your strings, you’d have to use sprintf() to make it work. Otherwise you just get ' printed out, instead of a '.

Without using sprintf():

esc_html__( 'Wasn\'t your favorite color red?', 'domain' ); // Output: Wasn't your favorite color red? esc_html__( 'Provided reason isn\'t selected', 'domain' ); // Output: Provided reason isn't selected 

With the use of sprintf() I can get single quotes to work (of course).

sprintf( esc_html__( 'Wasn%st your favorite color red?', 'domain' ), '\'' ); // Output: Wasn't your favorite color red? sprintf( esc_html__( 'Provided reason isn%st selected', 'domain' ), '\'' ); // Output: Provided reason isn't selected 

I’d like to know if there is a different way to achieve the same output. I am afraid there is none, but I thought why not give it a shot, who knows.

Does an Artificer’s Magic Item Savant and a multiclassed Thief Rogue’s Use Magic Device allow them to benefit from a Rod of the Pact Keeper?

The Artificer’s Magic Item Savant feature states the following:

At 14th level, your skill with magic items deepens more:
• You can attune to up to five magic items at once.
• You ignore all class, race, spell, and level requirements on attuning to or using a magic item.

The Thief Rogue’s Use Magic Device feature states the following:

By 13th level, you have learned enough about the workings of magic that you can improvise the use of items even when they are not intended for you. You ignore all class, race, and level requirements on the use of magic items.

Rod of the Pact Keeper states the following:

While holding this rod, you gain a +1 bonus to spell attack rolls and to the saving throw DCs of your warlock spells.

In addition, you can regain one warlock spell slot as an action while holding the rod. You can’t use this property again until you finish a long rest.

Since these features allow an Artificer or a multiclassed Thief Rogue to ignore “class” requirements when using a Rod of the Pact Keeper, would they ignore all instances of “Warlock” in the text and benefit from the general bonus to spell attack rolls and saving throw DCs, and be able to regain one spell slot?

Related questions:
1. What requirements does the Artificers Magic Item Savant feature ignore?
2. Does an Artificer's Magic Item Savant and a Thief Rogue's Use Magic Device allow them to benefit from a Holy Avenger's 30-foot aura?

Does an Artificer’s Magic Item Savant and a Thief Rogue’s Use Magic Device allow them to benefit from a Holy Avenger’s 30-foot aura?

The Artificer’s Magic Item Savant feature states the following:

At 14th level, your skill with magic items deepens more:
• You can attune to up to five magic items at once.
• You ignore all class, race, spell, and level requirements on attuning to or using a magic item.

The Thief Rogue’s Use Magic Device feature states the following:

By 13th level, you have learned enough about the workings of magic that you can improvise the use of items even when they are not intended for you. You ignore all class, race, and level requirements on the use of magic items.

Holy Avenger states the following:

While you hold the drawn sword, it creates an aura in a 10-foot radius around you. You and all creatures friendly to you in the aura have advantage on saving throws against spells and other magical effects. If you have 17 or more levels in the paladin class, the radius of the aura increases to 30 feet.

Since these features allow an Artificer or Thief Rogue to ignore “class” requirements when using the Holy Avenger, would they gain the benefit of the 30-foot aura?

Furthermore, since they also ignore “level” requirements when using the Holy Avenger, can they benefit from the 30-foot aura at 14th and 13th level, respectively?

Related questions:
1. What requirements does the Artificers Magic Item Savant feature ignore?
2.

What overpowered combinations would be available if I allow a bonus action to be used in place of a standard action?

It has come up in game a couple of times that a player might want to cast a spell that has a casting time of 1 bonus action using their “main” action (if they have another bonus action they also want to take on that turn, such as giving bardic inspiration, or controlling a Bigby’s hand, etc.)

On the face of it, it seems obvious that something (a bonus action) that is usually much faster than a full action could be done as your full action. Although the question comes up most often with respect to spellcasting, if I house rule this, I would rule that any bonus action can be taken as a regular action instead; however, I would not allow the same type of bonus action to be taken twice (so no giving bardic inspiration to two allies on the same turn, for instance).

Are there any abusive or overpowered combinations I should be wary of if I were to allow a character to take 2 bonus actions instead of one regular action and one bonus action on a turn?

The issue of casting two bonus-action spells would not come up because the rule against casting 2 spells on your turn unless one of them is a cantrip with a casting time of 1 action would still be in effect:

PHB p. 203 (under Bonus Action casting time)

You can’t cast another spell during the same turn, except for a cantrip with a casting time of 1 action.

I know it’s hard to prove/justify a negative answer to a question like this, but I’d be happy to get answers that say you don’t think there would be any issues if you describe how you came to that conclusion.

Embed Iframe inside a Facebook post to allow users in emergency situations to report us

My company has the need to collect emergency data from our Facebook page fans.
We are doing an experiment to allow some users who are located very far from emergency services to report their cases on our Facebook page (very long story).

So we want to place an iframe with a form that was optimized for a very long time.

I saw an app that is doing that: https://quiz-app.co/

But I don’t have a clue how they did that.

Thanks

How do I allow Mozilla Firefox to use internet? [closed]

At my school Mozilla firefox is blocked for students, so only teachers could access it. The PCs are running on Linux Gnome. It has nothing to do with the cable, network manager or ifconfig eth0 up. It is only in Mozilla. You think it could be somewhere in Mozilla‘s settings (no proxy is used) .

As I was 12 I went in a IT Academy, where we had the same thing, so we couldn’t play any Flash games. We fixed it, by changing port in Mozilla in the right one, which people have seen once from a teacher.

I am saying it, because I couldn’t find the same option in the settings now.

Any information would help, thanks!

Is it possible to renew a certificate to allow end users to continue using the existing one, rather than having them implement the new one?

My organization has several certificates used for web services that are going to expire soon. We want to have these certificates renewed so that the service to our clients is uninterrupted and doesn’t require any action on their part. Is this possible, and if so, what would need to be done (e.g. create a CSR from the existing certificate, etc.)? Thank you in advance