Forem: Anton Kulyk

I Built a Small Project in 3 Nights Just to Try Inertia and the New Laravel

Anton Kulyk — Mon, 05 Jan 2026 14:25:18 +0000

I didn’t start with a startup idea or a business goal.
I just wanted to try Inertia.js and the latest Laravel in something real.

Instead of writing random demo code, I decided to build an actual project. Not because I needed it, but because fake examples don’t teach much.

Why I Did This
My only goal was to understand how Inertia feels in a real setup:

real routes
real forms
real validation
real deployment I wanted to see where it helps and where it gets in the way.

Time and Constraints
The whole thing took three evenings, usually working until 3–4 AM.

That time included:

setting up a VPS
buying and configuring a domain
DNS records
server setup
CI/CD with deploying Laravel
connecting Inertia with React
wiring analytics
and of course a lot of tests

So this wasn't just coding a feature. It was the full loop.

The Stack
I used:

Laravel (12.44.0)
Inertia.js (2.1.4)
React (19.2.0)

I didn’t want to:

design an API
duplicate validation logic
deal with token-based auth

Inertia let me keep Laravel in control while still writing React on the frontend.

What I Actually Built

Nothing fancy.
A small but complete project where:

Laravel handles routing and validation
Inertia returns page data
React renders the UI
everything runs in production
analytics is enabled from day one

The point wasn't features — it was the process.

An Unexpected Side Effect

I enjoyed working with React in this setup much more than I expected.

Because of that, I'm now planning to migrate the frontend of vulnwatch.tech to React as well. The development flow felt cleaner and faster, especially with Laravel still handling all the backend logic.

This small experiment ended up influencing decisions on a much larger project.

What Stood Out

The biggest takeaway was how much simpler things get when you stop thinking in APIs.

Once I treated pages as server-driven state instead of API responses, the amount of glue code dropped significantly.

Final Thoughts

This wasn't about launching a product.

It was about learning a stack properly — with real deployment, DNS, and constraints.

For experiments, MVPs, and solo projects, Laravel + Inertia + React feels like a very efficient setup.

If You’re Curious

If anyone is interested, here’s the link to what I ended up building:
linkstobio.com

Happy to answer any questions or share more details about the setup.

Deploying Your Own AI on a Website in Just 15 Minutes? Yes, It’s Possible!

Anton Kulyk — Sun, 09 Mar 2025 04:07:10 +0000

Motivating night, dear community!

Did you know that you can launch your own local AI on your website in just 15 minutes? I recently discovered Ollama, a tool that allows you to install an AI engine on your server, connect a cybersecurity-trained model, and make it accessible to the world.

I find this absolutely incredible because it means AI can now be deeply integrated into services, and most importantly, there’s an opportunity to train custom models that incorporate personal expertise.

curl -fsSL https://ollama.com/install.sh

ollama serve

curl http://localhost:11434/api/generate -d '{
 "model": "llama2",
 "prompt": "Tell me about security headers"
}'

To be honest, getting a basic request-response setup took me just 15 minutes. However, I ended up spending around two hours in total because I had to implement a user interface and integrate a CAPTCHA system to protect the server from automated abuse.

If you’re interested in this topic, let me know by voting! If this post gets enough engagement, I’ll share the technical implementation details.

“We live in exciting times, don’t we?” – Mr. Robot.

you can test it free https://vulnwatch.pro/ai

Why Your Website Needs a Content Security Policy (CSP) Header

Anton Kulyk — Mon, 03 Mar 2025 02:20:21 +0000

Did you know that over 60% of cyber attacks exploit weak or missing security headers? One of the most crucial headers to protect your website is Content Security Policy (CSP).

🔹 What is CSP?

CSP is a security feature that helps prevent Cross-Site Scripting (XSS), code injection, and data theft by controlling which scripts, styles, and resources can load on your site.

🔥 Why is CSP Important?

✅ Blocks Malicious Scripts – Stops attackers from injecting harmful JavaScript.
✅ Prevents Data Theft – Mitigates attacks that steal user credentials via phishing.
✅ Secures Third-Party Integrations – Limits external scripts to trusted sources.
✅ Reduces Attack Surface – Strengthens security beyond firewalls & SSL.

⚡ Example of a Secure CSP Header

Content-Security-Policy: default-src 'self'; script-src 'self' https://trusted-source.com; style-src 'self' 'unsafe-inline'; object-src 'none';

This setup:
🔹 Allows scripts only from your site & trusted sources
🔹 Prevents malicious inline JavaScript execution
🔹 Blocks insecure Flash & object embeds

🔍 How to Implement CSP

1️⃣ Add it to your web server headers (Apache, Nginx, etc.).
2️⃣ Use Content-Security-Policy-Report-Only to test before enforcing.
3️⃣ Continuously refine policies using CSP violation reports.

A well-implemented CSP is your first line of defense against modern web threats. Is your website protected?

You can check you website for free on https://vulnwatch.pro.

P.S. Feel free to DM me your email registered on the website, and I’ll give you 50 free scans!