Skip to content

Instantly share code, notes, and snippets.

View arijitMondal's full-sized avatar

Arijit arijitMondal

8 followers · 0 following
View GitHub Profile
@danburzo
danburzo / README.md
Last active July 29, 2021 08:41
Get all event listeners on the page in Google Chrome
@cerebrl
cerebrl / 1-securing-express.md
Last active August 2, 2023 22:48
Securing ExpressJS

tl;dr

  1. Don't run as root.
  2. For sessions, set httpOnly (and secure to true if running over SSL) when setting cookies.
  3. Use the Helmet for secure headers: https://github.com/evilpacket/helmet
  4. Enable csrf for preventing Cross-Site Request Forgery: http://expressjs.com/api.html#csrf
  5. Don't use the deprecated bodyParser() and only use multipart explicitly. To avoid multiparts vulnerability to 'temp file' bloat, use the defer property and pipe() the multipart upload stream to the intended destination.
@impressiver
impressiver / raven-config.html
Last active June 28, 2024 05:30
Raven.js configuration for logging JavaScript exceptions to Sentry (https://getsentry.com/). Without the added ignore options, you'll quickly find yourself swamped with unactionable exceptions due to shoddy browser plugins and 3rd party script errors.
<!-- Raven.js Config -->
<script src="{{ JS_PATH }}/lib/raven.js" type="text/javascript"></script>
<script type="text/javascript">
// Ignore list based off: https://gist.github.com/1878283
var ravenOptions = {
// Will cause a deprecation warning, but the demise of `ignoreErrors` is still under discussion.
// See: https://github.com/getsentry/raven-js/issues/73
ignoreErrors: [
// Random plugins/extensions
'top.GLOBALS',