Skip to content

Instantly share code, notes, and snippets.

View http91's full-sized avatar
💭
I may be slow to respond.

T http91

💭
I may be slow to respond.
3 followers · 4 following
View GitHub Profile
@ethicka
ethicka / localhost-ssl-certificate.md
Last active February 18, 2024 16:29
Localhost SSL Certificate on Mac OS

🚨 2020 Update: I recommend using mkcert to generate local certificates. You can do everything below by just running the commands brew install mkcert and mkcert -install. Keep it simple!

This gives you that beautiful green lock in Chrome. I'm assuming you're putting your SSL documents in /etc/ssl, but you can put them anywhere and replace the references in the following commands. Tested successfully on Mac OS Sierra and High Sierra.

Set up localhost.conf

sudo nano /etc/ssl/localhost/localhost.conf

@danharper
danharper / background.js
Last active March 30, 2024 18:25
Bare minimum Chrome extension to inject a JS file into the given page when you click on the browser action icon. The script then inserts a new div into the DOM.
// this is the background code...
// listen for our browerAction to be clicked
chrome.browserAction.onClicked.addListener(function (tab) {
// for the current tab, inject the "inject.js" file & execute it
chrome.tabs.executeScript(tab.ib, {
file: 'inject.js'
});
});
@cerebrl
cerebrl / 1-securing-express.md
Last active August 2, 2023 22:48
Securing ExpressJS

tl;dr

  1. Don't run as root.
  2. For sessions, set httpOnly (and secure to true if running over SSL) when setting cookies.
  3. Use the Helmet for secure headers: https://github.com/evilpacket/helmet
  4. Enable csrf for preventing Cross-Site Request Forgery: http://expressjs.com/api.html#csrf
  5. Don't use the deprecated bodyParser() and only use multipart explicitly. To avoid multiparts vulnerability to 'temp file' bloat, use the defer property and pipe() the multipart upload stream to the intended destination.