Your Choice JavaScript News

Node News Tuesday, March 13 Cross-site request forgery, Site request forgery, Client id & more…

Node News TLDR / Table of Contents

  • Protect your Node.js app from Cross-Site Request Forgery
    • Cross Site Request Forgery aka CSRF/XSRF is used by attackers to perform requests on behalf of others. Learn how to protect your Node.js app from it.
    • Cross-Site Request Forgery, Site Request Forgery, One classic attack, Node.js app, Twilio Blog
  • Sending Emails with Node.js Using SMTP, Gmail, and OAuth2
    • I spent a while searching Stack Overflow and Nodemailer’s documentation for a way to send emails using Node.js in a relatively concise way through my Gmail account. I found a lot of useful…
    • client id, API Credentials, New Project, OAuth client ID, project settings
  • React 16 performance: React 16, Next.js and Node 8.x LTS
    • In this brief article we will go through some of the key latest improvements in React, Next.js and Node.js. These improvements are all related, as Next.js is the framework for server-side rendered…
    • key latest improvements, high performance web, server-side rendered React, server-side rendering, performance web applications
  • An attacker places a hidden form into their malicious page that automatically performs a request to your page's endpoint.
  • The concept is that when the browser gets a page from the server, it sends a randomly generated string as CSRF token as a cookie.
  • Later, when your page performs a POST request it will send the CSRF token as a cookie and also in another way such as a parameter in the body or via an HTTP header like .
  • An attacker will not be able to reproduce the same behavior with their hidden form since they won't be able to access the cookie to retrieve the value and send it along with their malicious POST request.
  • If you have any questions or any other helpful tools to improve the security of your Node.js web applications, feel free to ping me. Protect your Node.js app from Cross-Site Request Forgery was originally published on the Twilio Blog on January, 2018.
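
The cookie-plus-echo check summarized in the bullets above, as an added example that is not code from the Twilio article. The cookie name, header name and `_csrf` body field are assumptions chosen for illustration, and the sample requests are constructed.

```javascript
const { randomBytes, timingSafeEqual } = require("crypto");

const COOKIE_NAME = "csrf_token";   // hypothetical cookie name
const HEADER_NAME = "x-csrf-token"; // hypothetical header name
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Random token the server sets as a cookie when it serves the page.
function issueToken() {
  return randomBytes(32).toString("hex");
}

// Parse a Cookie request header into a name -> value map.
function parseCookies(header = "") {
  const jar = new Map();
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// Constant-time comparison; a length mismatch is rejected outright.
function sameToken(a, b) {
  const x = Buffer.from(a);
  const y = Buffer.from(b);
  return x.length === y.length && timingSafeEqual(x, y);
}

// True when the request may proceed: state-changing requests must echo
// the cookie's token in a header or in the body field `_csrf` (assumed name).
function verifyCsrf(req) {
  if (SAFE_METHODS.has(req.method)) return true;
  const cookieToken = parseCookies(req.headers.cookie).get(COOKIE_NAME);
  const echoed = req.headers[HEADER_NAME] || (req.body && req.body._csrf);
  if (typeof cookieToken !== "string" || typeof echoed !== "string") return false;
  if (cookieToken.length === 0) return false;
  return sameToken(cookieToken, echoed);
}

// Constructed sample requests. The browser attaches the cookie in every case;
// only script running on the legitimate page can read it and echo the value.
const token = issueToken();
const cookie = `sid=abc; ${COOKIE_NAME}=${token}`;
const fromOwnPage = { method: "POST", headers: { cookie, [HEADER_NAME]: token }, body: {} };
const viaBodyField = { method: "POST", headers: { cookie }, body: { _csrf: token } };
const crossSiteForm = { method: "POST", headers: { cookie }, body: { amount: "100" } };
const wrongGuess = { method: "POST", headers: { cookie, [HEADER_NAME]: issueToken() }, body: {} };

console.log([fromOwnPage, viaBodyField, crossSiteForm, wrongGuess].map(verifyCsrf));
```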

Tags: Cross-Site Request Forgery, Site Request Forgery, One classic attack, Node.js app, Twilio Blog

  • Press Select a project in the top left corner. Once the window opens, press the + icon in the top right corner to create a new project.
  • Select OAuth client ID from the dropdown. You should see a little warning banner near the top of the page: – To create an OAuth client ID, you must first set a product name on the consent screen – Just press the Configure consent screen button on the banner and it'll let you name…
  • If you accidentally clicked out of that card before you could save your ID and secret, just click the name of your client ID and it'll take you to its settings with the ID and secret at the top of the page!
  • Start by making a project folder to put your email program in: – mkdir EmailerApp – cd EmailerApp – Now we need to initialize it as a node project: – npm init – Next, we need to install the library that we'll use to send emails called Nodemailer, and also the Google OAuth client…
  • First, we'll bring in the relevant packages: – Now we need to set up our OAuth client with all of our information that we've saved, you'll need your client ID, your client secret, and the URL for the OAuth Playground that we used earlier: – Now we're going to use…

Tags: client id, API Credentials, New Project, OAuth client ID, project settings

  • React 16 (Fiber) has been released; long-term support for Node.js LTS has been added to version 8; and the Next.js framework for server-side rendered React apps has come to version 4, and is intended for use with React 16.
  • In this brief article we will go through some of the key latest improvements in React, Next.js and Node.js.
  • These improvements are all related, as Next.js is the framework for server-side rendered React apps; React 16 has massive improvements on server-side rendering, and performs much better if you use the latest versions of Node.js.
  • In this brief article we will go through some of the key latest improvements of React.js, Next.js and Node.js, and for those who want to have a quick start we will also introduce my high performance starter kit.
  • Server-side rendering is also one of the key improvements in React 16, and we can therefore gain huge performance benefits from it.

Tags: key latest improvements, high performance web, server-side rendered React, server-side rendering, performance web applications
