Last active
July 2, 2018 19:16
-
-
Save marionebl/9298726 to your computer and use it in GitHub Desktop.
Sails: Disable x-powered-by header
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** | |
* Configure advanced options for the Express server inside of Sails. | |
* | |
* For more information on configuration, check out: | |
* http://sailsjs.org/#documentation | |
*/ | |
module.exports.express = { | |
middleware: { | |
poweredBy: false | |
}, | |
customMiddleware: function (app) { | |
app.disable('x-powered-by'); | |
} | |
}; | |
module.exports.cache = { | |
// The number of seconds to cache files being served from disk | |
// (only works in production mode) | |
maxAge: 31557600000 | |
}; |
This doesn't work for v0.9.16.. I ended up hacking sails/lib/express/index.js:
from this:
// Allow usage of custom express middleware
// Must be before the router
if (sails.config.express.customMiddleware) {
sails.config.express.customMiddleware(app);
}
// Add powered-by Sails header
app.use(function(req, res, next) {
res.header('X-Powered-By', 'Sails <sailsjs.org>');
next();
});
to this:
// Add powered-by Sails header
app.use(function(req, res, next) {
res.header('X-Powered-By', 'Sails <sailsjs.org>');
next();
});
// Allow usage of custom express middleware
// Must be before the router
if (sails.config.express.customMiddleware) {
sails.config.express.customMiddleware(app);
}
so that middleware can override at least the powered-by header. as well as have the option to disable it.
so my example config/express.js looks like this for overriding it (for sails v0.9.16):
module.exports.express = {
customMiddleware: function (app) {
app.use(function(req, res, next) {
res.header('X-Powered-By', 'My own, my precious');
next();
});
}
};
so my example config/express.js looks like this for disabling it (for sails v0.9.16):
module.exports.express = {
// middleware: {
// poweredBy: false
// },
customMiddleware: function (app) {
app.use(function (req, res, next) {
res.removeHeader("x-powered-by");
next();
});
}
};
Note: the middleware part is commented out because I've seen it recommended but it does nothing for me..nor do I want to dig around anymore to see what it does. Try uncommenting it if at first it doesn't work. As for me, I was able to disable the header by using just the "customMiddleware" portion.
Good luck.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In Sailsjs 0.9.15 no working