Security upgrades
This commit is contained in:
24
node_modules/hide-powered-by/README.md
generated
vendored
Normal file
24
node_modules/hide-powered-by/README.md
generated
vendored
Normal file
@@ -0,0 +1,24 @@
|
||||
Hide X-Powered-By
|
||||
=================
|
||||
[](https://travis-ci.org/helmetjs/hide-powered-by)
|
||||
|
||||
Simple middleware to remove the `X-Powered-By` HTTP header if it's set.
|
||||
|
||||
Hackers can exploit known vulnerabilities in Express/Node if they see that your site is powered by Express (or whichever framework you use). For example, `X-Powered-By: Express` is sent in every HTTP request coming from Express, by default. This won't provide much security benefit ([as discussed here](https://github.com/expressjs/express/pull/2813#issuecomment-159270428)), but might help a tiny bit. It will also improve performance by reducing the number of bytes sent.
|
||||
|
||||
```javascript
|
||||
const hidePoweredBy = require('hide-powered-by')
|
||||
app.use(hidePoweredBy())
|
||||
```
|
||||
|
||||
You can also explicitly set the header to something else, if you want. This could throw people off:
|
||||
|
||||
```javascript
|
||||
app.use(hidePoweredBy({ setTo: 'PHP 4.2.0' }))
|
||||
```
|
||||
|
||||
Note: if you're using Express, you don't need this middleware and can just do this:
|
||||
|
||||
```javascript
|
||||
app.disable('x-powered-by')
|
||||
```
|
||||
Reference in New Issue
Block a user