Category: Web Development

Simple Local Web servers November 27th, 2013

I’ve had this post saved as a draft for two years, so I finally decided to clean it up a little and publish it in case anyone else finds the information useful.

In web development, for both client and server testing, it’s often very useful to have a local web server running in order to serve test cases. This post outlines a few quick and easy ways to run a local web server that don’t involve installing Apache or nginx and all their dependencies.

The simplest way I know of to get a local web server is with netcat:

brandon@dexter:~$ nc -l 8000

Then, when you hit the URL http://localhost:8000 in your browser, you will see the request show up on the terminal where netcat is running:

GET / HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:6.0a1) Gecko/20110513 Firefox/6.0a1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cache-Control: max-age=0

You can then type an arbitrary response back to the browser, terminating the stream with Ctrl+C:

HTTP/1.1 200 OK
Content-Type: text/html

Hello <b>world</b>

The hello world HTML page shows up in your browser as you would expect. You could just as easily use an existing file on your filesystem as input for the response:

brandon@dexter:~$ nc -l 8000 < http_response_file.txt

Another option to consider, especially if you already have test cases or other static content ready to serve, is Python’s SimpleHTTPServer class. You don’t even need to write a script to run one of these servers locally:

brandon@dexter:~$ python -m SimpleHTTPServer 8000
Serving HTTP on port 8000 ...d

This time, hitting http://localhost:8000 in your browser will bring up a directory listing with your current working directory as the document root. Your requests are also logged on your Python terminal:
localhost - - [16/May/2011 14:55:36] "GET / HTTP/1.1" 200 -

On a separate but related note, you can get a local SMTP testing server, which only logs to the console and doesn’t actually send mail, by running:

$ sudo python -m smtpd -c DebuggingServer -n localhost:25

---------- MESSAGE FOLLOWS ----------
Content-Type: multipart/alternative;
MIME-Version: 1.0
Subject: Veracode report for 2013-10-24

Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

= Plain text version =
Hello world!

Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<h1>HTML Version</h1>
<p>Hello <b>world</b>!</p>

------------ END MESSAGE ------------

Standing on the Shoulders of Giants October 15th, 2013

I recently created a new theme for my personal site*, and was struck anew by how many Open Source Software packages this site is built on top of.  To name a few of the essential ones:

In other words, every layer of the Web stack, which I use every day for fun and for profit, is powered by Open Source Software.  It would be beyond impossible to deploy a website today with rich, interactive experiences without these fundamental pillars.  I owe so much to Linux, Open Source, and Open Standards, and it is only right that I acknowledge this fact.

* Many thanks, also, to David Goines, who graciously allowed me to use his artwork in the new site design.

Update to CSP Bookmarklet January 20th, 2011

It was pointed out to me that my CSP bookmarklet was using a feature added in ECMAScript 5, Object.keys, and thus did not work in older browsers. I added a bit of code to address this:

Object.keys = Object.keys || function(obj) {
  var keys = [];
  for (var key in obj) {
    if (obj.hasOwnProperty(key))
  return keys;

Browsers that don’t natively support Object.keys will now have that functionality added when the bookmarklet runs. Go ahead, give it a try: Recommend CSP

As before, the full source is posted for you to browse as well.

Content Security Policy Recommendation Bookmarklet October 14th, 2010

I wrote a bookmarklet that analyzes the content on the current page and recommends a Content Security Policy based on the types of content it finds on the page and the sources of that content. The implementation also takes into account resources that are dynamically added to the page by JavaScript.

For instance, today I learned that ReCAPTCHA loads script both from, but also from Note to self: figure out why Google needs to know about every ReCAPTCHA load.

You can test it out by clicking the following bookmarklet: Recommend CSP

If you find it useful, drag it to your bookmarks toolbar and you can use it from any web page. Feel free to check out the bookmarklet source as well.

In the future, I would like to add notifications for potential inline script violations.

Sharing Links May 28th, 2010

Sometimes I make a tool that I use for a while and then wonder if it’s something others will find useful too. Here’s one of them…

For a while I was sharing links on my home page by linking to the feed of stories I’ve upvoted on Reddit, but that has become less satisfying as Reddit dumbs itself down each day (the same thing that happened to Digg a few years earlier). I decided to make my own link-sharing program that I could use by just clicking a bookmarklet whenever I was on a page I wanted to share.

It is a very simple program that stores the links in a flat text file and uses CORS to allow the bookmarklet to POST data to it from across domains. You can put the files in a directory on your server and use this simple bookmarklet to share links:

Drag this to your bookmarks toolbar: Share This

You can check out the server code or the bookmarklet source, or you can download the zip archive and extract the files on your server.

When you fetch the server script with GET you get back a JSON or RSS feed depending on the format parameter you pass.

Make sure the password in the bookmarklet stays synced with the password in the server file and change them to something secure.

East Bay Psychotherapist
Licensed Clinical Social Worker provides psychotherapy and counseling services for couples and individuals in the East Bay Area.