Sails comes bundled with a suite of conventional HTTP middleware, ready to use. Naturally, you may choose to disable, override, append to, or rearrange it, but the pre-installed stack is perfectly acceptable for most apps in development or production. Below is a list of the standard HTTP middleware functions that come bundled in Sails, in the order they execute every time the server receives an incoming HTTP request:
| HTTP Middleware Key | Purpose |
|---|---|
| cookieParser * | Parses the cookie header into a clean object for use in subsequent middleware and your application code. |
| session * | Creates or loads a unique session object (req.session) for the requesting user agent based on their cookies and your session configuration. |
| bodyParser | Parses parameters and binary upstreams (for streaming file uploads) from the HTTP request body using Skipper. |
| compress | Compresses response data using gzip/deflate. See compression for details. |
| poweredBy | Attaches an X-Powered-By header to outgoing responses. |
| router * | This is where the bulk of your app logic gets applied to any given request. In addition to running "before" handlers in hooks (e.g. csrf token enforcement) and some internal Sails logic, this routes requests using your app's explicit routes (in sails.config.routes) and/or route blueprints. |
| www * | Serves static files—usually images, stylesheets, scripts—in your app's "public" folder (configured in sails.config.paths, conventionally .tmp/public/) using Connect's static middleware. |
| favicon | Serves the browser favicon for your app if one is provided as /assets/favicon.ico. |
*: The middleware with an asterisk (*) should almost never need to be modified or removed. Please only do so if you really understand what you're doing.