Mudassar Ali mudassaralimtp

  • Lahore, Punjab, Pakistan
  • Joined Sep 25, 2025

Security Assessment Summary – *.travelgay.com

Penetration and SSL/TLS Scan Results

The following findings were identified:

  • No evidence of credential leakage — no passwords, tokens, or secrets found.
  • Some user emails were exposed in the website’s public-facing pages (e.g., jonty@travelgay.com, luke@travelgay.com).
  • TLS configuration still supports older protocols (TLS 1.0/1.1) and weak ciphers, although modern secure ciphers are also enabled.
  • Security headers (HSTS, CSP, X-Frame-Options, etc.) are missing, which reduces browser-level protections.
  • Minor information disclosures such as robots.txt content and internal path references.
@mudassaralimtp
mudassaralimtp / axios-like-fetch.md
Last active September 29, 2025 13:34
Enhanced `fetch()` wrapper for APIs that require authentication tokens. Next.js internal APIs

🚀 Next.js HTTP Client for Nest.js APIs

This guide shows how to build a robust HTTP client in Next.js that:

  • ✅ Supports an Axios-like API (get, post, put, patch, delete).
  • ✅ Works in both CSR (browser) and SSR/ISR/SSG (server) modes.
  • ✅ Handles auth tokens via localStorage (browser) or cookies (server).
  • ✅ Provides interceptors for request/response customization.
  • ✅ Ensures clean error handling with a custom HttpError class.