Ben Johnson benjohnson

## 1-securing-express.md

      
              5 files
            
          
              15 forks
            
          
              3 comments
            
          
              104 stars
            
          
                cerebrl
                / 1-securing-express.md
            
            
              Last active
              August 2, 2023 22:48
            
              
                Securing ExpressJS
              
          
    tl;dr


Don't run as root.
For sessions, set httpOnly (and secure to true if running over SSL) when setting cookies.
Use the Helmet for secure headers: https://github.com/evilpacket/helmet
Enable csrf for preventing Cross-Site Request Forgery: http://expressjs.com/api.html#csrf
Don't use the deprecated bodyParser() and only use multipart explicitly. To avoid multiparts vulnerability to 'temp file' bloat, use the defer property and pipe() the multipart upload stream to the intended destination.


## dabblet.css
.book {
  display: inline-block;
  margin: 10px;
}

.book img {
vertical-align: middle;
}

.books {

## Makefile
casper:
	make killserver
	python manage.py runserver 9999 &
	sleep 1
	-casperjs test tests/casper/
	make killserver

killserver:
	ps aux|grep "python manage.py runserver 9999"|grep -v grep|awk '{print $$2}'|xargs kill

## kwacros.py
#
# templatetags/kwacros.py - Support for macros in Django templates
#
# Based on snippet by
# Author: Michal Ludvig <michal@logix.cz>
#         http://www.logix.cz/michal
#
# modified for args and kwargs by Skylar Saveland http://skyl.org
#

## gist:739589
/*
  Load Sinon.JS in the SpecRunner:

  <script type="text/javascript" src="lib/jasmine-1.0.1/jasmine.js"></script>
  <script type="text/javascript" src="lib/jasmine-1.0.1/jasmine-html.js"></script>
  <script type="text/javascript" src="sinon-1.0.0.js"></script>
  <script type="text/javascript" src="sinon-ie-1.0.0.js"></script>

  http://cjohansen.no/sinon/
*/
	.book {
	display: inline-block;
	margin: 10px;
	}

	.book img {
	vertical-align: middle;
	}

	.books {
	casper:
	make killserver
	python manage.py runserver 9999 &
	sleep 1
	-casperjs test tests/casper/
	make killserver

	killserver:
	ps aux\|grep "python manage.py runserver 9999"\|grep -v grep\|awk '{print $$2}'\|xargs kill
	#
	# templatetags/kwacros.py - Support for macros in Django templates
	#
	# Based on snippet by
	# Author: Michal Ludvig <michal@logix.cz>
	# http://www.logix.cz/michal
	#
	# modified for args and kwargs by Skylar Saveland http://skyl.org
	#
	/*
	Load Sinon.JS in the SpecRunner:

	<script type="text/javascript" src="lib/jasmine-1.0.1/jasmine.js"></script>
	<script type="text/javascript" src="lib/jasmine-1.0.1/jasmine-html.js"></script>
	<script type="text/javascript" src="sinon-1.0.0.js"></script>
	<script type="text/javascript" src="sinon-ie-1.0.0.js"></script>

	http://cjohansen.no/sinon/
	*/