[IMPROVE] Disable X-Powered-By header in all known express middlewares (#13388)

7 years ago · 61debeaed8
parent 5f0180dc15
commit 61debeaed8
3 changed files with 6 additions and 1 deletions
--- a/packages/rocketchat-apps/server/bridges/api.js
+++ b/packages/rocketchat-apps/server/bridges/api.js
@ -4,7 +4,7 @@ import { WebApp } from 'meteor/webapp';

 const apiServer = express();

-apiServer.set('x-powered-by', false);
+apiServer.disable('x-powered-by');

 WebApp.connectHandlers.use(apiServer);

--- a/packages/rocketchat-graphql/server/api.js
+++ b/packages/rocketchat-graphql/server/api.js
@ -16,6 +16,8 @@ const subscriptionPort = settings.get('Graphql_Subscription_Port') || 3100;
 // the Meteor GraphQL server is an Express server
 const graphQLServer = express();

+graphQLServer.disable('x-powered-by');
+
 if (settings.get('Graphql_CORS')) {
 	graphQLServer.use(cors());
 }
--- a/packages/rocketchat-oauth2-server-config/server/oauth/oauth2-server.js
+++ b/packages/rocketchat-oauth2-server-config/server/oauth/oauth2-server.js
@ -12,6 +12,9 @@ const oauth2server = new OAuth2Server({
 	debug: true,
 });

+oauth2server.app.disable('x-powered-by');
+oauth2server.routes.disable('x-powered-by');
+
 WebApp.connectHandlers.use(oauth2server.app);

 oauth2server.routes.get('/oauth/userinfo', function(req, res) {