- Don't run as root.
- For sessions, set `httpOnly` (and `secure` to `true` if running over SSL) when setting cookies.
- Use Helmet for secure headers: https://github.com/evilpacket/helmet
- Enable `csrf` to prevent Cross-Site Request Forgery: http://expressjs.com/api.html#csrf
- Don't use the deprecated `bodyParser()`; use `multipart` explicitly instead. To avoid multipart's vulnerability to 'temp file' bloat, use the `defer` property and `pipe()` the multipart upload stream to the intended destination.
```css
.book {
  display: inline-block;
  margin: 10px;
}
.book img {
  vertical-align: middle;
}
.books {
```
```makefile
casper:
	make killserver
	python manage.py runserver 9999 &
	sleep 1
	-casperjs test tests/casper/
	make killserver

killserver:
	ps aux|grep "python manage.py runserver 9999"|grep -v grep|awk '{print $$2}'|xargs kill
```
```python
#
# templatetags/kwacros.py - Support for macros in Django templates
#
# Based on snippet by
# Author: Michal Ludvig <[email protected]>
# http://www.logix.cz/michal
#
# modified for args and kwargs by Skylar Saveland http://skyl.org
#
```
```javascript
/*
Load Sinon.JS in the SpecRunner:
<script type="text/javascript" src="lib/jasmine-1.0.1/jasmine.js"></script>
<script type="text/javascript" src="lib/jasmine-1.0.1/jasmine-html.js"></script>
<script type="text/javascript" src="sinon-1.0.0.js"></script>
<script type="text/javascript" src="sinon-ie-1.0.0.js"></script>
http://cjohansen.no/sinon/
*/
```