Deepal Jayasekara deepal

Software Engineer, Technical Writer, and Information Security and Distributed Systems Enthusiast. - deepal.io

deepal / nodesec-csrf-angular.js

Created February 17, 2016 03:52

nodesec-csrf-angular

	/some code here/

	app.use(csrf());
	app.use(function (req, res, next) {
	res.cookie('XSRF-TOKEN', req.csrfToken());
	next();
	});

deepal / nodesec-helmet.js

Created February 17, 2016 04:32

nodesec-helmet

	var helmet = require('helmet');

	app.use(helmet.hidePoweredBy({setTo: 'DummyServer 1.0'})); //change value of X-Powered-By header to given value
	app.use(helmet.noCache({noEtag: true})); //set Cache-Control header
	app.use(helmet.noSniff()); // set X-Content-Type-Options header
	app.use(helmet.frameguard()); // set X-Frame-Options header
	app.use(helmet.xssFilter()); // set X-XSS-Protection header

deepal / nodesec-manual-headers.js

Last active October 14, 2019 20:58

nodesec-manual-headers

	var express = require('express');
	var app = express();

	app.disable('x-powered-by'); // disable X-Powered-By header

	app.use(function(req, res, next){
	res.header('X-XSS-Protection', '1; mode=block');
	res.header('X-Frame-Options', 'deny');
	res.header('X-Content-Type-Options', 'nosniff');
	next();

deepal / nodesec-csrf-express.jade

Created February 17, 2016 05:33

nodesec-csrf-express

	form (action="/create",method="post")
	input (type="hidden", name="_csrf", value=_csrfToken)
	label (for="myname") Your name :
	input (type="text", id="myname")
	button (type="submit") Submit

deepal / nodesec-express-sessions.js

Created February 17, 2016 07:18

nodesec-express-sessions

	/some code here/
	var express = require('express');
	var session = require('express-session');
	var app = express();

	app.use(session({
	name: 'SESS_ID',
	secret: '^#$5sX(Hf6KUo!#65^',
	resave: false,
	saveUninitialized: true,

deepal / nodesec-secure-cookie.js

Created February 17, 2016 16:58

nodesec-secure-cookie

deepal / nodesec-cookie-parser.js

Last active October 14, 2019 20:59

nodesec-cookie-parser

deepal / nodesec-error-handling-sync.js

Last active October 14, 2019 20:59

nodesec-error-handling

	//snippet1 : Following is not a proper error handling when myAsyncFunction() is an asynchronous function
	try {
	myAsyncFunction(somedata, function(err, response){
	//this is asynchronous function callback
	});
	}
	catch(err){
	console.log('I will never catch the error');
	}

deepal / nodesec-error-handling-async.js

Created February 17, 2016 18:15

nodesec-error-handling-async.js

	myAsyncFunction(somedata, function(err, response){
	if (err){
	/* handle this error */
	}
	else{
	/* do something with response */
	}
	});

deepal / nodesec-mongodb-injection-server.js

Last active February 17, 2016 19:00

nodesec-mongodb-injection

	DBSecretNotes.find({username: req.body.username, secret: req.body.secret}).exec(function(err, secretNotes){
	//List all secret notes of the user
	});

	/* some code */

	app.get('/', function(req, res, next){
	/some logic here before setting cookie/
	res.cookie('User', 'John Doe', { httpOnly: true, secure: true });
	res.status(200).json('this is a repsonse with a safe cookie');
	});

	var cookieParser = require('cookie-parser');
	var express = require('express');
	var app = express();

	app.use(cookieParser('6xH$CYYu44gcUN57%H'));

	app.get('/', function(req, res, next){
	res.cookie('User', 'John Doe', { signed: true });
	res.render('index');
	});