router.param(name, callback) Adds callback triggers to route parameters, where name is the name of the parameter and callback is the callback function. Although name is technically optional, using this method without it is deprecated starting with Express v4.11.0 (see below). The parameters of the callback function are: req, the request object. res, the response object. next, indicating the next middleware function. The value of the name parameter. The name of the parameter. Unlike app.pa

Define error-handling middleware functions in the same way as other middleware functions, except error-handling functions have four arguments instead of three: (err, req, res, next). For example: app.use(function(err, req, res, next) { console.error(err.stack); res.status(500).send('Something broke!'); }); You define error-handling middleware last, after other app.use() and routes calls; for example: var bodyParser = require('body-parser'); var methodOverride = require('method-override');

Node.js vulnerabilities directly affect Express. Therefore keep a watch on Node.js vulnerabilities and make sure you are using the latest stable version of Node.js. The list below enumerates the Express vulnerabilities that were fixed in the specified version update. NOTE: If you believe you have discovered a security vulnerability in Express, please see Security Policies and Procedures. 4.x 4.11.1 Fixed root path disclosure vulnerability in express.static, res.sendfile, and res.sendFile 4.

res.links(links) Joins the links provided as properties of the parameter to populate the response’s Link HTTP header field. For example, the following call: res.links({ next: 'http://api.example.com/users?page=2', last: 'http://api.example.com/users?page=5' }); Yields the following results: Link: <http://api.example.com/users?page=2>; rel="next", <http://api.example.com/users?page=5>; rel="last"

req.baseUrl The URL path on which a router instance was mounted. The req.baseUrl property is similar to the mountpath property of the app object, except app.mountpath returns the matched path pattern(s). For example: var greet = express.Router(); greet.get('/jp', function (req, res) { console.log(req.baseUrl); // /greet res.send('Konichiwa!'); }); app.use('/greet', greet); // load the router on '/greet' Even if you use a path pattern or a set of path patterns to load the router, the base

app.locals The app.locals object has properties that are local variables within the application. app.locals.title // => 'My App' app.locals.email // => 'me@myapp.com' Once set, the value of app.locals properties persist throughout the life of the application, in contrast with res.locals properties that are valid only for the lifetime of the request. You can access local variables in templates rendered within the application. This is useful for providing helper functions to templates, as

res.redirect([status,] path) Redirects to the URL derived from the specified path, with specified status, a positive integer that corresponds to an HTTP status code . If not specified, status defaults to “302 “Found”. res.redirect('/foo/bar'); res.redirect('http://example.com'); res.redirect(301, 'http://example.com'); res.redirect('../login'); Redirects can be a fully-qualified URL for redirecting to a different site: res.redirect('http://google.com'); Redirects can be relative to the root o

req.cookies When using cookie-parser middleware, this property is an object that contains cookies sent by the request. If the request contains no cookies, it defaults to {}. // Cookie: name=tj req.cookies.name // => "tj" For more information, issues, or concerns, see cookie-parser.

res.locals An object that contains response local variables scoped to the request, and therefore available only to the view(s) rendered during that request / response cycle (if any). Otherwise, this property is identical to app.locals. This property is useful for exposing request-level information such as the request path name, authenticated user, user settings, and so on. app.use(function(req, res, next){ res.locals.user = req.user; res.locals.authenticated = ! req.user.anonymous; next()

req.param(name [, defaultValue]) Deprecated. Use either req.params, req.body or req.query, as applicable. Returns the value of param name when present. // ?name=tobi req.param('name') // => "tobi" // POST name=tobi req.param('name') // => "tobi" // /user/tobi for /user/:name req.param('name') // => "tobi" Lookup is performed in the following order: req.params req.body req.query Optionally, you can specify defaultValue to set a default value if the parameter is not found in any o