Deepal Jayasekara deepal

## nodesec-csrf-angular.js
/*some code here*/

app.use(csrf());
app.use(function (req, res, next) {
    res.cookie('XSRF-TOKEN', req.csrfToken());
    next();
});

## nodesec-helmet.js
var helmet = require('helmet');

app.use(helmet.hidePoweredBy({setTo: 'DummyServer 1.0'})); //change value of X-Powered-By header to given value
app.use(helmet.noCache({noEtag: true})); //set Cache-Control header
app.use(helmet.noSniff());    // set X-Content-Type-Options header
app.use(helmet.frameguard()); // set X-Frame-Options header
app.use(helmet.xssFilter());  // set X-XSS-Protection header

## nodesec-manual-headers.js
var express = require('express');
var app = express();

app.disable('x-powered-by');   // disable X-Powered-By header

app.use(function(req, res, next){
  res.header('X-XSS-Protection', '1; mode=block');
  res.header('X-Frame-Options', 'deny');
  res.header('X-Content-Type-Options', 'nosniff');
  next();

## nodesec-csrf-express.jade
form (action="/create",method="post")
  input (type="hidden", name="_csrf", value=_csrfToken)
  label (for="myname") Your name :
  input (type="text", id="myname")
  button (type="submit") Submit

## nodesec-express-sessions.js
/*some code here*/
var express = require('express');
var session = require('express-session');
var app = express();

app.use(session({
    name: 'SESS_ID',
    secret: '^#$5sX(Hf6KUo!#65^',
    resave: false,
    saveUninitialized: true,

## nodesec-secure-cookie.js
/* some code */

app.get('/', function(req, res, next){
  /*some logic here before setting cookie*/
  res.cookie('User', 'John Doe', { httpOnly: true, secure: true });
  res.status(200).json('this is a repsonse with a safe cookie');
});

## nodesec-cookie-parser.js
var cookieParser = require('cookie-parser');
var express = require('express');
var app = express();

app.use(cookieParser('6xH$*CYY*u44gcUN57%H'));

app.get('/', function(req, res, next){
  res.cookie('User', 'John Doe', { signed: true });
  res.render('index');
});

## nodesec-error-handling-sync.js
//snippet1 : Following is not a proper error handling when myAsyncFunction() is an asynchronous function
try {
  myAsyncFunction(somedata, function(err, response){
    //this is asynchronous function callback
  });
}
catch(err){
  console.log('I will never catch the error');
}

## nodesec-error-handling-async.js
myAsyncFunction(somedata, function(err, response){
  if (err){
    /* handle this error */
  }
  else{
    /* do something with response */
  }
});

## nodesec-mongodb-injection-server.js
DBSecretNotes.find({username: req.body.username, secret: req.body.secret}).exec(function(err, secretNotes){
  //List all secret notes of the user
});
	/some code here/

	app.use(csrf());
	app.use(function (req, res, next) {
	res.cookie('XSRF-TOKEN', req.csrfToken());
	next();
	});
	var helmet = require('helmet');

	app.use(helmet.hidePoweredBy({setTo: 'DummyServer 1.0'})); //change value of X-Powered-By header to given value
	app.use(helmet.noCache({noEtag: true})); //set Cache-Control header
	app.use(helmet.noSniff()); // set X-Content-Type-Options header
	app.use(helmet.frameguard()); // set X-Frame-Options header
	app.use(helmet.xssFilter()); // set X-XSS-Protection header
	var express = require('express');
	var app = express();

	app.disable('x-powered-by'); // disable X-Powered-By header

	app.use(function(req, res, next){
	res.header('X-XSS-Protection', '1; mode=block');
	res.header('X-Frame-Options', 'deny');
	res.header('X-Content-Type-Options', 'nosniff');
	next();
	form (action="/create",method="post")
	input (type="hidden", name="_csrf", value=_csrfToken)
	label (for="myname") Your name :
	input (type="text", id="myname")
	button (type="submit") Submit
	/some code here/
	var express = require('express');
	var session = require('express-session');
	var app = express();

	app.use(session({
	name: 'SESS_ID',
	secret: '^#$5sX(Hf6KUo!#65^',
	resave: false,
	saveUninitialized: true,
	//snippet1 : Following is not a proper error handling when myAsyncFunction() is an asynchronous function
	try {
	myAsyncFunction(somedata, function(err, response){
	//this is asynchronous function callback
	});
	}
	catch(err){
	console.log('I will never catch the error');
	}
	myAsyncFunction(somedata, function(err, response){
	if (err){
	/* handle this error */
	}
	else{
	/* do something with response */
	}
	});
	DBSecretNotes.find({username: req.body.username, secret: req.body.secret}).exec(function(err, secretNotes){
	//List all secret notes of the user
	});