Phaninder Pasupula pasupulaphani

## nginx.conf
# Change YOUR_TOKEN to your prerender token
# Change example.com (server_name) to your website url
# Change /path/to/your/root to the correct value

server {
    listen 80;
    server_name example.com;

    root   /path/to/your/root;
    index  index.html;

## 1-securing-express.md

      
              5 files
            
          
              15 forks
            
          
              3 comments
            
          
              104 stars
            
          
                cerebrl
                / 1-securing-express.md
            
            
              Last active
              August 2, 2023 22:48
            
              
                Securing ExpressJS
              
          
    tl;dr


Don't run as root.
For sessions, set httpOnly (and secure to true if running over SSL) when setting cookies.
Use the Helmet for secure headers: https://github.com/evilpacket/helmet
Enable csrf for preventing Cross-Site Request Forgery: http://expressjs.com/api.html#csrf
Don't use the deprecated bodyParser() and only use multipart explicitly. To avoid multiparts vulnerability to 'temp file' bloat, use the defer property and pipe() the multipart upload stream to the intended destination.
	# Change YOUR_TOKEN to your prerender token
	# Change example.com (server_name) to your website url
	# Change /path/to/your/root to the correct value

	server {
	listen 80;
	server_name example.com;

	root /path/to/your/root;
	index index.html;