[IMPROVE] Disable X-Powered-By header in all known express middlewares (
sampaiodiego authored and ggazzo committed Feb 25, 2019
1 parent 5f0180d commit 61debea
Showing 3 changed files with 6 additions and 1 deletion.
2 changes: 1 addition & 1 deletion packages/rocketchat-apps/server/bridges/api.js
Expand Up @@ -4,7 +4,7 @@ import { WebApp } from 'meteor/webapp';

const apiServer = express();

apiServer.set('x-powered-by', false);
apiServer.disable('x-powered-by');

WebApp.connectHandlers.use(apiServer);
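
Review bot: In packages/rocketchat-apps/server/bridges/api.js the swap from apiServer.set('x-powered-by', false) to apiServer.disable('x-powered-by') does not change behaviour: in Express, disable(name) is the same as set(name, false), so this server was already not sending the header. Keeping the change for consistency with the other two files is fine, but the commit message should say that this file is a style change only, so nobody reading the history assumes the apps bridge was sending the header before this commit.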

2 changes: 2 additions & 0 deletions packages/rocketchat-graphql/server/api.js
Expand Up @@ -16,6 +16,8 @@ const subscriptionPort = settings.get('Graphql_Subscription_Port') || 3100;
// the Meteor GraphQL server is an Express server
const graphQLServer = express();

graphQLServer.disable('x-powered-by');

if (settings.get('Graphql_CORS')) {
graphQLServer.use(cors());
}
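
Review bot: The context line in this hunk's header shows a separate subscriptionPort (Graphql_Subscription_Port, default 3100), and the new disable call only covers graphQLServer. If the subscription endpoint further down in this file is served by its own HTTP or Express instance, please confirm it does not answer with X-Powered-By either, otherwise the "all known express middlewares" in the title is not quite met. The placement of graphQLServer.disable('x-powered-by') directly after express() and before the cors() middleware is the right spot.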
Expand Up @@ -12,6 +12,9 @@ const oauth2server = new OAuth2Server({
debug: true,
});

oauth2server.app.disable('x-powered-by');
oauth2server.routes.disable('x-powered-by');

WebApp.connectHandlers.use(oauth2server.app);

oauth2server.routes.get('/oauth/userinfo', function(req, res) {
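
Review bot: oauth2server.routes.disable('x-powered-by') only works if routes is an Express application; an express.Router() has no disable() method, and this line would then throw at startup. The visible lines only show oauth2server.routes.get(...), which both types support, so please confirm which one the OAuth2Server package exposes, or guard the call. Separately, since this commit is about trimming what the server reveals about itself, the debug: true in the OAuth2Server options just above is worth a second look in a follow-up.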