From 61debeaed8ff8b03aaa20db8af77efcd7c7cf9ea Mon Sep 17 00:00:00 2001
From: Diego Sampaio
Date: Mon, 25 Feb 2019 12:34:05 -0300
Subject: [PATCH] [IMPROVE] Disable X-Powered-By header in all known express middlewares (#13388)
---
 packages/rocketchat-apps/server/bridges/api.js | 2 +-
 packages/rocketchat-graphql/server/api.js | 2 ++
 .../server/oauth/oauth2-server.js | 3 +++
 3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/packages/rocketchat-apps/server/bridges/api.js b/packages/rocketchat-apps/server/bridges/api.js
index 346e574ee586..94e69f259838 100644
--- a/packages/rocketchat-apps/server/bridges/api.js
+++ b/packages/rocketchat-apps/server/bridges/api.js
@@ -4,7 +4,7 @@ import { WebApp } from 'meteor/webapp';
 const apiServer = express();
-apiServer.set('x-powered-by', false);
+apiServer.disable('x-powered-by');
 WebApp.connectHandlers.use(apiServer);
diff --git a/packages/rocketchat-graphql/server/api.js b/packages/rocketchat-graphql/server/api.js
index 734e524a90e0..147650337163 100644
--- a/packages/rocketchat-graphql/server/api.js
+++ b/packages/rocketchat-graphql/server/api.js
@@ -16,6 +16,8 @@ const subscriptionPort = settings.get('Graphql_Subscription_Port') || 3100;
 // the Meteor GraphQL server is an Express server
 const graphQLServer = express();
+graphQLServer.disable('x-powered-by');
+
 if (settings.get('Graphql_CORS')) {
 graphQLServer.use(cors());
 }
diff --git a/packages/rocketchat-oauth2-server-config/server/oauth/oauth2-server.js b/packages/rocketchat-oauth2-server-config/server/oauth/oauth2-server.js
index ed6f8be4348a..a5e6e56794d9 100644
--- a/packages/rocketchat-oauth2-server-config/server/oauth/oauth2-server.js
+++ b/packages/rocketchat-oauth2-server-config/server/oauth/oauth2-server.js
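Review bot: `graphQLServer.disable('x-powered-by')` only suppresses the `X-Powered-By: Express` header that Express itself adds in its init middleware; a header set by any other layer on the same response (the Meteor WebApp connect stack this app is mounted in, or the GraphQL middleware mounted on it) is unaffected, and the separate listener implied by `subscriptionPort` on the hunk header line is not touched here, so confirm outside the hunk that it does not advertise anything equivalent. The same one-line setting is now repeated by this commit in three files (this one, packages/rocketchat-apps/server/bridges/api.js and packages/rocketchat-oauth2-server-config/server/oauth/oauth2-server.js); a small shared helper that returns an `express()` instance with the setting already applied would keep the next `express()` call from being missed. A one-line comment would also make the intent survive refactors: `// fingerprint reduction: never advertise the framework in responses`.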
@@ -12,6 +12,9 @@ const oauth2server = new OAuth2Server({
 debug: true,
 });
+oauth2server.app.disable('x-powered-by');
+oauth2server.routes.disable('x-powered-by');
+
 WebApp.connectHandlers.use(oauth2server.app);
 oauth2server.routes.get('/oauth/userinfo', function(req, res) {
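Review bot: `oauth2server.routes.disable('x-powered-by')` assumes `routes` is an Express application; `disable` is an application-level settings method that does not exist on `express.Router()`, so if `routes` is a Router this line throws a `TypeError` at server startup. The hunk does not settle which it is, because `.get('/oauth/userinfo', …)` on the last context line exists on both, so verify against the OAuth2Server constructor, which is outside the hunk. If `routes` is indeed a sub-application mounted inside `app`, both calls are needed, since each Express app re-adds the header from its own settings when it handles a request, and that is worth recording: `// app and routes are separate Express apps; each adds X-Powered-By on its own, so disable both`.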