Cross-site request forgery (CSRF) attacks are a type of attack where a website you don’t control tries to send commands to your website, using your customer’s cookies. Today we’re going to look at a few ways you can avoid CSRF attacks, mostly just by being careful about how you design your API.
Since GitHub Actions is in beta, to get any of these examples to work you’ll need to apply for the beta program.
A couple of months ago Typescript team revealed that they were formally adopting eslint as the linter for Typescript, and that they were actively working to improve compatibility between eslint and typescript. What you might not know is, you can use eslint with Typescript today! Read more to see how to set up eslint on your typescript project.
Recently a colleague of mine noticed this in the MDN description of WeakMap:
Because of references being weak, WeakMap keys are not enumerable (i.e. there is no method giving you a list of the keys). If they were, the list would depend on the state of garbage collection, introducing non-determinism. If you want to have a list of keys, you should use a Map.
My co-worker wondered what this meant exactly? Where does the non-determinism come from? Doesn’t the state of WeakMap still depend on garbage collection even if you can’t enumerate the keys?
OpenAPI is a specification that lets you write a document which describes a REST API. From this document, you can generate documentation, generate stubs to call into your API in a variety of languages, and automatically validate requests on the server, and much more. Swagger is a set of tools that work with OpenAPI. This will walk through setting up an OpenAPI document for a typical MongoDB/Express/Node.js app.
This is the first of a three part series.
subscribe via RSS