/*some code here*/
app.use(csrf());
// Expose the per-request CSRF token in a cookie so the client can echo it back with
// state-changing requests (double-submit pattern). The token value presumably comes from
// the csrf() middleware registered just above. No cookie options are passed, so
// httpOnly/secure/sameSite stay at res.cookie's defaults — TODO confirm that is what
// production deployments want (the cookie has to remain script-readable for this pattern).
app.use((req, res, next) => {
  res.cookie('XSRF-TOKEN', req.csrfToken());
  next();
});
const helmet = require('helmet');
// NOTE(review): hidePoweredBy({ setTo }) and noCache are options from older helmet releases;
// confirm they still exist in the installed helmet version.
// Replace the X-Powered-By header with a decoy value instead of just removing it.
app.use(helmet.hidePoweredBy({ setTo: 'DummyServer 1.0' }));
// Cache-Control header (noEtag also suppresses the ETag header).
app.use(helmet.noCache({ noEtag: true }));
// X-Content-Type-Options header.
app.use(helmet.noSniff());
// X-Frame-Options header.
app.use(helmet.frameguard());
// X-XSS-Protection header.
app.use(helmet.xssFilter());
const express = require('express');
const app = express();
// Stop Express from advertising itself in the X-Powered-By header.
app.disable('x-powered-by');
app.use(function(req, res, next){ | |
res.header('X-XSS-Protection', '1; mode=block'); | |
res.header('X-Frame-Options', 'deny'); | |
res.header('X-Content-Type-Options', 'nosniff'); | |
next(); |
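//- Form posting to /create. The hidden _csrf field carries the per-request token;
//- _csrfToken must be supplied by the route that renders this template.
//- Attribute parens follow the tag name directly (a space before them would make
//- Pug treat the parenthesised text as content rather than attributes).
form(action="/create", method="post")
  input(type="hidden", name="_csrf", value=_csrfToken)
  label(for="myname") Your name :
  //- name attribute added: without it the typed value is never submitted with the form
  input(type="text", id="myname", name="myname")
  button(type="submit") Submit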
/*some code here*/
const express = require('express');
const session = require('express-session');
const app = express();
// NOTE(review): the express-session configuration that follows hard-codes its `secret`
// value in source. Load it from the environment or a secrets store instead, and treat any
// value that has been committed to a repository as compromised (rotate it).
app.use(session({ | |
name: 'SESS_ID', | |
secret: '^#$5sX(Hf6KUo!#65^', | |
resave: false, | |
saveUninitialized: true, |
//snippet1 : Following is not a proper error handling when myAsyncFunction() is an asynchronous function
// The try/catch only guards the synchronous call that *starts* the operation. An error
// reported through the callback's err argument arrives later, after the try block has
// already completed, so the catch below is never reached for it.
try {
  myAsyncFunction(somedata, (err, response) => {
    //this is asynchronous function callback — err is delivered here, not to the catch below
  });
} catch (err) {
  console.log('I will never catch the error');
}
// Errors from an asynchronous operation have to be handled inside its callback,
// by checking the err argument before using the response.
myAsyncFunction(somedata, (err, response) => {
  if (err) {
    /* handle this error */
    return;
  }
  /* do something with response */
});
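// Look up the secret notes for the submitted username/secret pair.
// req.body is untrusted input: when the body parser accepts JSON, a field can arrive as an
// object rather than a string, which would change the meaning of the filter passed to
// find(). Coercing both fields to strings keeps the query a plain equality match.
// NOTE(review): the filter compares `secret` directly against the stored value, so the
// secret is being stored and matched as-is — confirm that is intended.
DBSecretNotes.find({
  username: String(req.body.username),
  secret: String(req.body.secret),
}).exec((err, secretNotes) => {
  if (err) {
    /* handle the query error before touching secretNotes */
    return;
  }
  //List all secret notes of the user
});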