Skip to content

Instantly share code, notes, and snippets.

View pasupulaphani's full-sized avatar

Phaninder Pasupula pasupulaphani

29 followers · 31 following
View GitHub Profile
@cerebrl
cerebrl / 1-securing-express.md
Last active February 23, 2025 17:02
Securing ExpressJS

tl;dr

  1. Don't run as root.
  2. For sessions, set httpOnly (and secure to true if running over SSL) when setting cookies.
  3. Use the Helmet for secure headers: https://github.com/evilpacket/helmet
  4. Enable csrf for preventing Cross-Site Request Forgery: http://expressjs.com/api.html#csrf
  5. Don't use the deprecated bodyParser() and only use multipart explicitly. To avoid multiparts vulnerability to 'temp file' bloat, use the defer property and pipe() the multipart upload stream to the intended destination.
@thoop
thoop / nginx.conf
Last active November 12, 2024 19:08
Official prerender.io nginx.conf for nginx
# Change YOUR_TOKEN to your prerender token
# Change example.com (server_name) to your website url
# Change /path/to/your/root to the correct value
server {
listen 80;
server_name example.com;
root /path/to/your/root;
index index.html;