Merge master into feature/187 #220
Open
rcowsill wants to merge 25 commits into OWASP:feature/187 from rcowsill:merge/master-into-187
Fix NoSQL injection solution
fix: startup logs stringified objects incorrectly
fix: example of xss in bad context using a dedicated profile field
Collection drop commands were sent without waiting for their completion. The userId counter insert could complete before the counter collection drop. In that case the new counter would be deleted.

* Make the web service connect to the mongo service, not mLab
* Update readme to remove the "change config" step
* Import NODE_ENV into the web service so the appropriate config is used

* Skip devDependency install by default
* Use lowercase NODE_ENV so Heroku can strip devDependencies in production

* MONGOLAB_URI isn't needed as the mongolab addon has been removed
* Removed the old mlab connection URI as that database will be deleted
* Default db is localhost:27017, for all other cases set MONGODB_URI (don't commit database credentials to a public repo)

* Heroku section includes database set up instructions
* "Remote MongoDB" sections cover Atlas instead of mLab
* "Remote MongoDB" sections use MONGODB_URI env var (don't commit DB password)
* Adjusted layout and fixed some typos

Also corrected the example connection string, which was in the wrong format

* Moved examples for NoSQL and SSJS attacks into a new panel
* Added a note to the new panel about Atlas M0 (doesn't support js queries)
* Updated log injection section formatting to match the others

Remove mongolab addon from Heroku deploy
Adjustments to livereload to stop (timeout) in prod
Add cross-env for Windows scripts compatibility
rcowsill force-pushed the merge/master-into-187 branch from 352234c to ca90515 (November 19, 2020 17:13)
rcowsill force-pushed the merge/master-into-187 branch from 279ff88 to 7c036aa (November 20, 2020 16:36)
rcowsill changed the title from "[WIP] Merge master into feature/187" to "Merge master into feature/187" (Nov 20, 2020)
There are quite a few commits in master since the common base with feature/187. This is a WIP PR to merge them in.

In particular, d1d5657 is needed in this branch to stop the Travis builds from using the old mLab database. That database will be deleted in January next year, resulting in CI build errors if it's still in use.
This will also bring over some quality-of-life improvements like crossenv and dev-only livereload.