- Don't run as root.
- For sessions, set
httpOnly(andsecuretotrueif running over SSL) when setting cookies. - Use the Helmet for secure headers: https://github.com/evilpacket/helmet
- Enable
csrffor preventing Cross-Site Request Forgery: http://expressjs.com/api.html#csrf - Don't use the deprecated
bodyParser()and only use multipart explicitly. To avoid multiparts vulnerability to 'temp file' bloat, use thedeferproperty andpipe()the multipart upload stream to the intended destination.
Ashwini Khare khare-ashwini
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| #include <queue> | |
| #include <cmath> | |
| using namespace std; | |
| priority_queue<int> Q, T; | |
| int main() { | |
| int test=0, tests; cin >> tests; | |
| int D; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| ## | |
| # Screencaps, pulls, and deletes the png from a device. | |
| # | |
| # gcap [w | a | device identifier] | |
| # | |
| # For debugging over Bluetooth (i.e., Android Wear), see | |
| # https://developer.android.com/training/wearables/apps/bt-debugging.html | |
| # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ::-webkit-scrollbar{ | |
| height:16px; | |
| overflow:visible; | |
| width:16px; | |
| } | |
| ::-webkit-scrollbar-button{ | |
| height:0; | |
| width:0; | |
| } |
psychemedia
/ Cross Domain JQuery with Yahoo Pipes Proxy
Created
February 27, 2010 12:20
Make cross domain JSON calls in JQuery for JSON feeds that don't support JSONP. Using a Yahoo Pipe as a proxy, pass in the URI for your JSON feed from any domain, and grab the Pipe's JSONP proxy output into your page.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function cross_domain_JSON_call(url){ | |
| // url points to a JSON feed | |
| // eg http://openlylocal.com/committees.json?council_id=111 | |
| url="http://pipes.yahoo.com/ouseful/jsonproxy?url="+encodeURIComponent(url)+"&_render=json&_callback=?"; | |
| $.getJSON( | |
| url, | |
| function(data) { myCallbackFunction(data.value.items[0]); } | |
| ) |