javascript - Can't disable X-Powered-By: Express - Stack Overflow

I've tried using this but it didn't work: app.disable("x-powered-by"); and I have read the post like this :

how to remove X-Powered-By in ExpressJS

Can't get rid of header X-Powered-By:Express

I am using "express": "^4.16.4" as the backend. In the frontend I am using "react": "^16.7.0" Single Page App.

UPDATE

express.js on port 5000, react.js on port 3000

When I try to hit this URL http://localhost:5000/api/product, x-powered-by: express is gone.

In my React app, when I try to hit the API http://localhost:5000/api/product, it shows x-powered-by: express again.

Every time I use the API http://localhost:5000/api/product, which means the node.js/express server, I get x-powered-by: express

But when I try console.log(app); I get this:

          settings:
[0]       { 'x-powered-by': false,
[0]         etag: 'weak',
[0]         'etag fn': [Function: generateETag],
[0]         env: 'development',
[0]         'query parser': 'extended',
[0]         'query parser fn': [Function: parseExtendedQueryString],
[0]         'subdomain offset': 2,
[0]         'trust proxy': false,
[0]         'trust proxy fn': [Function: trustNone],
[0]         view: [Function: View],
[0]         views: 'D:\\WEBSITE\\hammerstout_nodejs_client\\views',
[0]         'jsonp callback name': 'callback' } }, 

'x-powered-by': false, should this work?

Code

import express from 'express';
import bodyParser from 'body-parser';
// import passport from 'passport';
import connection from './config/conn';
import { CategoryRoutes,ProductRoutes } from './modules';
import session  from 'express-session';
const app = express();
app.disable("x-powered-by");
console.log(app);
app.use(session({
    secret: 'keyboard cat',
    resave: false,
    saveUninitialized: true,
    cookie: { secure: true }
}))

app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
// app.use(passport.initialize());

app.use('/api/', [CategoryRoutes, ProductRoutes]);


const port = process.env.PORT || 5000;
app.listen(port, (err) => {
    if(err){
        console.log(err);
    }else{
        console.log(`Server running on port ! ${port}`);
    }

});

edited Jan 7, 2019 at 17:14, asked Jan 7, 2019 at 3:10 by user10583820
  • I was having the same issue on v4.16.*, but app.disable("x-powered-by"); actually seems to work properly again in v4.17.1 now. – rvanlaarhoven Commented Jun 7, 2019 at 12:33
  • 2 If you think you got it working, that's not because app.disable("x-powered-by"); is suddenly working in some version of Express. It's because you're looking at your app without the proxy. If you are using React for example and its proxy to pass API traffic, that proxy will add the header even if you've disabled it on your Express server. – Christiaan Westerbeek Commented Jun 18, 2019 at 7:04

2 Answers

I have the same effect with my angular app. I'm using the angular proxy (which is the webpack-dev-server in the end) to access my server (avoiding CORS problems).

Responses do not contain the 'x-powered-by' header when I access the REST-API on my server (on port 3000) with postman or a browser. Accessing the same server with my angular app (on port 4200) using the proxy shows the header.

My findings are: the webpack-dev-server uses express as a basis; so I assume that the "erroneous" header stems from the proxy server not from your server on port 3000.

app.disable("x-powered-by"); is the correct way to disable the custom header in express 4.16.4. Here's a working example with express 4.16.4 and node 10.14.2:

const express = require('express');
const app = express();

app.disable("x-powered-by");
app.get('/', function(req, res) {
  res.status(200);
  res.send("hello\n\n");
  res.end();
});
app.listen(9876, function() {
  console.log('ready');
});

Running this from the command line, then calling curl -i http://localhost:9876/ results in the following output:

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 7
ETag: W/"7-RYgBn9PSVn8wOBXbat/kibLuX5I"
Date: Mon, 07 Jan 2019 03:24:09 GMT
Connection: keep-alive

hello
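
Added example, not part of the original answer: a small check that diffs two `curl -i` captures of the same API path, one taken directly from the backend and one through the dev-server proxy, to show which hop introduced a fingerprinting header. Both captures and the function names `parseHead`, `addedByProxy` and `disclosed` are constructed for illustration.

```javascript
// Constructed `curl -i` captures (sample data, not taken from the page):
// DIRECT    = backend on :5000 with app.disable("x-powered-by") applied
// VIA_PROXY = same path requested through the dev-server proxy on :3000
const DIRECT = ['HTTP/1.1 200 OK',
  'Content-Type: application/json; charset=utf-8',
  'Connection: keep-alive', '', '{"ok":1}'].join('\r\n');
const VIA_PROXY = ['HTTP/1.1 200 OK',
  'X-Powered-By: Express',
  'content-type: application/json; charset=utf-8',
  'connection: close', '', '{"ok":1}'].join('\r\n');

// Parse the header block of a raw HTTP response into a Map keyed by the
// lower-cased field name, since header names are case-insensitive.
function parseHead(raw) {
  const head = raw.split(/\r?\n\r?\n/)[0];
  const headers = new Map();
  for (const line of head.split(/\r?\n/).slice(1)) { // skip the status line
    const i = line.indexOf(':');
    if (i < 1) continue;                             // ignore malformed lines
    const name = line.slice(0, i).trim().toLowerCase();
    const value = line.slice(i + 1).trim();
    headers.set(name, (headers.get(name) || []).concat(value));
  }
  return headers;
}

// Headers that exist only in the proxied capture were added by the proxy hop.
function addedByProxy(directRaw, proxiedRaw) {
  const direct = parseHead(directRaw);
  const added = {};
  for (const [name, values] of parseHead(proxiedRaw)) {
    if (!direct.has(name)) added[name] = values.join(', ');
  }
  return added;
}

// Technology-disclosing headers to flag on whichever path clients really use.
const DISCLOSURE = ['x-powered-by', 'server'];
function disclosed(raw) {
  const headers = parseHead(raw);
  return DISCLOSURE.filter((name) => headers.has(name));
}

console.log('added by proxy:', addedByProxy(DIRECT, VIA_PROXY));
console.log('direct:', disclosed(DIRECT), 'proxied:', disclosed(VIA_PROXY));
```

Run the same comparison against the path production clients actually take, since any Express-based intermediary in front of the backend sets the header independently of the backend's own setting.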