SquareSpace SEO – fixing default robots tag

I recently used the SquareSpace platform to throw together a quick company demonstration website. However even after weeks, the website wasn’t showing up in Google results.

It turns out that, by default, SquareSpace will insert a <meta name="robots" content="noindex,nofollow"> tag into the homepage! What a truly bizarre preset, as it completely nerfs your site’s SEO. Even worse, the tag cannot be configured using the site builder user interface!

The solution is to edit the page in SquareSpace and use the Advanced -> Code Injection option to manually override the <meta> tag with the correct content of <meta name="robots" content="index,follow"> as shown in the screenshots below.

My site is now indexing correctly and showing in the first SERP page. You can confirm that the tag configration has worked using the SEO Site Checkup NoIndex Tag Test webapp.

Once your homepage has the corrected <meta> tag, use Google’s URL Inspection tool to request a recrawl of the site (as per the Google Developer Docs). You can also submit the SquareSpace sitemap, which by default is set to https://www.yourwebsite.com/sitemap.xml.

Your page should now begin to have increased visiblity in Google within a couple of days.

Screenshots for SquareSpace configration:

Screenshots for Google Search Console configuration:

Search Console URL: https://search.google.com/search-console

Remapping Caps Lock to Control and Escape in macOS Big Sur

For more better text editing and great success.

I’m a big fan of VIM modal editing and keeping keyboard shortcuts as close to the home row as possible. This philosophy allows fluid text editing and staying in the “programming flow state”.

Remapping the Caps Lock key to Control and Escape is a big part of this workflow. Pressing and releasing sends the Escape key, while pressing and holding emulates the Control Key.

In macOS, I’d been using Karabiner Elements to enable this remapping, however with macOS Big Sur I could no longer get the configuration to work. This was a serious annoyance, since the VIM shortcuts are burned into my fingertips.

Enter HammerSpoon! Using the ControlEscape plugin, I am now back in remapping bliss. Below are the System Preference settings required to make this setup work.

Okta API: Postman – Invalid Session Error

Working with the Okta API, an API key can be used to authenticate calls. One would assume that the API key would be specified in Postman’s “Authorization” tab, but nope.

For some inscrutable reason, when using the standard Authorization API Key method in Postman, the following cryptic error message is excreted:

{ "errorCode": "E0000005", "errorSummary": "Invalid session", "errorLink": "E0000005", "errorId": "oa...BQ", "errorCauses": []}

This error message is… not particularly helpful, and neither the Okta docs nor Googling produces any clues as to the problem cause.

As it turns out, the solution is to set Authorization to "No Auth", and add a Header named Authorization with the value of "SSWS {{apikey}}", where {{apikey}} is the value of an API Token generated using the https://yourorg.okta.com/admin/access/api/tokens page.

So, there you have it, I hope this post saves some poor soul in the future.

Rails 6: Beware the master.key

Checking encrypted credentials into git using Rails 6 feels weird but is pretty great.

What isn’t great is getting this error when deploying to Heroku:

ActiveSupport::MessageEncryptor::InvalidMessage: ActiveSupport::MessageEncryptor::InvalidMessage

After running EDITOR=vim bundle exec rails credentials:edit Rails will create a master.key file which works fine, but expects all your environments to be in a single credentials file and creates a master.key to decrypt the file.

Subsequently running EDITOR=vim bundle exec rails credentials:edit --environment staging appears to not use the master key and instead autocreates a ./config/credentials/staging.key.

In Heroku, the RAILS_MASTER_KEY environment variable needs to be set to the value of staging.key, not master.key, otherwise the MessageEncryptor error is thrown. This wasn’t clear to me from various tutorials and StackOverflow posts.

Git: fix secondary ssh key unable to access repo (MFA code problem)

The Problem

For some reason after enabling MFA on my secondary (work) GitHub account, I occasionally get a “broken” SSH key loaded into ssh-agent, possibly after entering an incorrect MFA code during my .bashrc login process in terminal.

When attempting to interact with a git repo using the secondary SSH key, access is denied.

The error from git is factual but not helpful:

> git pull
ERROR: Repository not found.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

The Fix

A reliable solution is to clear out all SSH keys from ssh-agent and re-add:

> ssh-add -D
> ssh-add -K ~/.ssh/customkeyname-id_rsa

Eventually I’ll troubleshoot the underlying issue but for now this fix is good enough.

adding a blocklist break-glass header for Rack::Attack

When blocklisting broad IP ranges using the Rails Rack::Attack gem, it can be valuable to have a break-glass HTTP header so that legitimate users in a blocked range can still access the webapp.

The Rack::Attack docs provide most of the information on how to do this, however the syntax in the current example does not match the format of a header injected into the browser using an extension such as SimpleModifyHeaders.

As it turns out, any such headers are uppercased and prefixed with HTTP_. So if in your browser extension you set your header as SuperSecretKey, Rack::Attack would pass it through as HTTP_SUPERSECRETKEY.

The below code snippet illustrates, and also dumps out all headers to the console as a comma delimited list.

class Rack::Attack

  p "~~~~~~~~ RAAAACK ATTAAAAAAAACK ~~~~~~~~"

  # safelist by HTTP header
  Rack::Attack.whitelist("mark any authenticated user as safe") do |request|

    p "~~ HEADER CHECK ~~"

    p request.env.sort.compact.reject(&:empty?).join(',')

    puts request.env.key?("HTTP_SUPERSECRETKEY")
    puts request.env["HTTP_SUPERSECRETKEY"]
    request.env["HTTP_SUPERSECRETKEY"] == "Hunter2"


Rails: fix Bundler 2 lockfile error

The fix

gem update --system # update Rubygems
gem install bundler # update bundler
bundler update --bundler # update Gemfile.lock in your project

The error message

>bundle exec guard
14:41:40 - INFO - Guard::RSpec is running
14:41:40 - INFO - Guard is now watching at '/Users/user/project'
14:41:52 - INFO - Running: spec/spec.rb
You must use Bundler 2 or greater with this lockfile.
14:41:52 - ERROR - Failed: "bundle exec bin/rspec -f progress -r /Users/user/project/vendor/bundle/ruby/2.6.0/gems/guard-rspec-4.7.3/lib/guard/rspec_formatter.rb -f Guard::RSpecFormatter --failure-exit-code 2 spec/spec.rb" (exit code: 20)

Fix slow rspec on macOS – 10x speedup

For some reason rspec was running horribly slow on my macOS laptop, with a simple test suite taking over 30 seconds to run. This made TDD almost unbearable:

>rspec spec/features
Finished in 27.29 seconds (files took 33.71 seconds to load)
8 examples, 2 failures

After some googling, the recommended approach is to compile spring binstubs for rspec. For good hygiene, we’ll use bundler to do this, and use guard so we can leave a terminal window open on a second monitor and see test results automatically after saving code changes.

# edit /Gemfile
group :development do
gem 'guard'
gem 'guard-rspec'
gem 'spring'
gem 'spring-commands-rspec'
gem 'spring-watcher-listen'

>bundle install --path vendor/bundle --without=production --binstubs # install gems into vendor/bundle
>echo 'vendor/bundle' >> .gitignore # don't track installed gemfiles

Update 16/08/2020: I no longer install gems into ./vendor/bundle and instead let rbenv handle the location for me. I don’t believe this change in approach affects the meat of this article.

Now replace the bundler rails binstubs with updated rails gem versions and insert spring:

>bundle exec rails app:update:bin # now regenerate standard rails binstubs
>bin/rails app:update:bin # norly plox use teh rail binstubs
>bundle exec spring binstub --all # use spring versions of binstubs
>bundle exec guard init # create guard config file /Guardfile

Note: bin/rails can get overwritten by bundler and stop accepting commands eg “bin/rails server” will show the default output of “rails” instead of launching the server. This can be fixed by running “bundle binstubs railties” then updating the binstubs again as per the instructions above.

Running “bundle config –delete bin” will stop bundler from blatting bin/rails but this also means you will need to manually generate binstubs using eg “bundle binstubs cucumber”.

Note also that bundler pulls in config from $APP/.bundle/config and ~/.bundle.config, so disabling binstubs in your app folder can be overridden by your home directory config.

# edit /Guardfile
guard :rspec, cmd: “bundle exec bin/rspec”, failed_mode: :keep do

>bundle exec guard

Finished in 1.72 seconds (files took 3.17 seconds to load)
5 examples, 2 failures

From 33 seconds to 3 seconds. Nice!

Tip: now instead of using “bundle exec” rails or rake, use bin/$GEMNAME eg “bin/rails console”. The spring server running in the background will respond much faster than booting rails each time.