codeuino / social-platform-donut-backend

Donut API:
http://donut-api-prod.codeuino.org/
GNU General Public License v3.0
24 stars 57 forks

Adding code to prevent attacks #153

Closed pranjals149 closed 4 years ago

pranjals149 commented 4 years ago

Name: Added security to prevent attacks.

About: I've added the code for preventing various types of attacks.

GitHub Issue Number: #149

Solution of problem

My code contains support to prevent various attacks. First, to prevent CSRF attacks, I've implemented the csurf module. Then, for secure browsing, the cookies must be secured. In order to achieve this, I've implemented the express-session module and set the httpOnly and secure flags to true. To prevent HTTP Parameter Pollution (HPP) attacks, I've implemented the hpp module. Finally, for setting some of the HTTP headers, I've implemented the helmet module.

Type of Change

  1. New Feature

Checklist

  1. My code follows the same style as the codebase
  2. I made PR against development branch
  3. I have run the test cases locally and it's passing.
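
The HPP control named in the description above, as an added example that is not code from this pull request or from the hpp package: it shows why a repeated query parameter breaks a handler that expects a string, and the documented hpp behaviour of keeping the last value while setting the arrays aside. `parseQuery`, `collapsePolluted`, `lookupKey`, `handle` and the sample request are hypothetical names and constructed data; `URLSearchParams` stands in for Express's query parser.

```javascript
// Added illustration, Node built-ins only. parseQuery mimics how Express's
// query parser turns a repeated key into an array of values.
function parseQuery(raw) {
  const params = new URLSearchParams(raw);
  const query = {};
  for (const key of new Set(params.keys())) {
    const values = params.getAll(key);
    query[key] = values.length > 1 ? values : values[0];
  }
  return query;
}

// hpp-style step: a repeated parameter collapses to its last value unless the
// key is whitelisted; the arrays are kept aside (hpp: req.queryPolluted).
function collapsePolluted(query, whitelist = []) {
  const clean = {};
  const polluted = {};
  for (const [key, value] of Object.entries(query)) {
    if (Array.isArray(value) && !whitelist.includes(key)) {
      polluted[key] = value;
      clean[key] = value[value.length - 1];
    } else {
      clean[key] = value;
    }
  }
  return { clean, polluted };
}

// Hypothetical route logic that assumes req.query.email is a single string.
function lookupKey(query) {
  return query.email.trim().toLowerCase();
}

// Simulates one request; `protect` toggles the hpp-style step.
function handle(rawQuery, protect) {
  let query = parseQuery(rawQuery);
  let polluted = {};
  if (protect) ({ clean: query, polluted } = collapsePolluted(query, ['tag']));
  try {
    return { status: 200, key: lookupKey(query), polluted };
  } catch (err) {
    return { status: 500, error: err.name, polluted };
  }
}

// Constructed sample: `email` is sent twice, `tag` is a legitimate list.
const SAMPLE = 'email=a%40example.org&email=B%40Example.org&tag=x&tag=y';
console.log(handle(SAMPLE, false), handle(SAMPLE, true));
```

The set-aside arrays are worth logging: a duplicated parameter on a field that is never a list is a useful detection signal.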

devesh-verma commented 4 years ago

Please resolve the conflicts.