无法在 Node Express 中删除 x-powered-by header
Can't remove x-powered-by header in Node Express
我已经浏览了我能找到的关于该主题的所有问题和博客,但我无法摆脱 x-powered-by: Express。
这是我的应用程序,它的唯一功能是不显示“x-powered-by: express”header,结合了我能找到的有关如何执行此操作的所有建议。我已经分别尝试了每一个,但都没有效果:
"use strict";
// Repro app: every suggested way of suppressing X-Powered-By, applied at once.
const express = require("express");
const helmet = require("helmet");

const app = express();

// A non-empty string is a truthy setting value, so this leaves the
// "x-powered-by" setting switched ON; it does not rename or hide the header.
app.set("x-powered-by", "your mum");

// helmet() with default options registers its hide-powered-by middleware.
app.use(helmet());

// Route-level middleware that strips the header before the handler runs.
function killHeader(req, res, next) {
  res.removeHeader("X-Powered-By");
  next();
}

app.get("/", killHeader, function (req, res) {
  // Header names are case-insensitive, so the removal on the next line
  // undoes the value written here.
  res.header("X-powered-by", "A sack of rats");
  res.removeHeader("X-Powered-By");
  res.send("Hello world without x-powered headers");
});

// The supported switch: stores false for the "x-powered-by" setting.
// Express consults the setting while handling each request, so calling this
// after the routes are registered still applies to every response.
app.disable("x-powered-by");

app.listen(3000, () => {
  console.log("Running");
});
我觉得我一定是遗漏了关于 header 在何处生成和发送的关键信息,因为在浏览器开发者工具的网络选项卡中检查时,上述策略的任何组合都没有产生差异。环境是 Windows,通过 VSCode 运行,但我在 Ubuntu 的 Nginx 上也遇到了同样的问题。
您看到的很可能是浏览器缓存的响应。请尝试勾选 Chrome Dev Tools 中的 disable cache 选项,或使用隐身选项卡;也可以用不经过浏览器缓存的客户端(例如 `curl -I http://localhost:3000/`)直接查看响应头来确认。Helmet 中间件默认会删除 X-Powered-By header。以下代码:
// Minimal app: rely on Helmet's defaults to drop X-Powered-By.
const express = require("express");
const helmet = require("helmet");

const app = express();

// helmet() with default options includes the middleware that removes
// X-Powered-By. Hiding the header only reduces stack fingerprinting; it does
// not replace keeping express and helmet themselves patched.
app.use(helmet());

app.get("/", function (req, res) {
  res.send("Hello world without x-powered headers");
});

app.listen(3000, () => {
  console.log("Running");
});
返回以下 headers:
HTTP/1.1 200 OK
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Content-Length: 37
ETag: W/"25-CWR19lYRAgXhHOXfwllpUDHFWas"
Date: Mon, 19 Apr 2021 17:37:11 GMT
Connection: keep-alive
使用以下依赖版本进行测试
"dependencies": {
"express": "4.16.4",
"helmet": "3.21.2"
}
我已经浏览了我能找到的关于该主题的所有问题和博客,但我无法摆脱 x-powered-by: Express。
这是我的应用程序,它的唯一功能是不显示“x-powered-by: express”header,结合了我能找到的有关如何执行此操作的所有建议。我已经分别尝试了每一个,但都没有效果:
"use strict";
// Repro app: every suggested way of suppressing X-Powered-By, applied at once.
const express = require("express");
const helmet = require("helmet");

const app = express();

// A non-empty string is a truthy setting value, so this leaves the
// "x-powered-by" setting switched ON; it does not rename or hide the header.
app.set("x-powered-by", "your mum");

// helmet() with default options registers its hide-powered-by middleware.
app.use(helmet());

// Route-level middleware that strips the header before the handler runs.
function killHeader(req, res, next) {
  res.removeHeader("X-Powered-By");
  next();
}

app.get("/", killHeader, function (req, res) {
  // Header names are case-insensitive, so the removal on the next line
  // undoes the value written here.
  res.header("X-powered-by", "A sack of rats");
  res.removeHeader("X-Powered-By");
  res.send("Hello world without x-powered headers");
});

// The supported switch: stores false for the "x-powered-by" setting.
// Express consults the setting while handling each request, so calling this
// after the routes are registered still applies to every response.
app.disable("x-powered-by");

app.listen(3000, () => {
  console.log("Running");
});
我觉得我一定是遗漏了关于 header 在何处生成和发送的关键信息,因为在浏览器开发者工具的网络选项卡中检查时,上述策略的任何组合都没有产生差异。环境是 Windows,通过 VSCode 运行,但我在 Ubuntu 的 Nginx 上也遇到了同样的问题。

您看到的很可能是浏览器缓存的响应。请尝试勾选 Chrome Dev Tools 中的 disable cache 选项,或使用隐身选项卡;也可以用不经过浏览器缓存的客户端(例如 `curl -I http://localhost:3000/`)直接查看响应头来确认。Helmet 中间件默认会删除 X-Powered-By header。以下代码:
// Minimal app: rely on Helmet's defaults to drop X-Powered-By.
const express = require("express");
const helmet = require("helmet");

const app = express();

// helmet() with default options includes the middleware that removes
// X-Powered-By. Hiding the header only reduces stack fingerprinting; it does
// not replace keeping express and helmet themselves patched.
app.use(helmet());

app.get("/", function (req, res) {
  res.send("Hello world without x-powered headers");
});

app.listen(3000, () => {
  console.log("Running");
});
返回以下 headers:
HTTP/1.1 200 OK
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Content-Length: 37
ETag: W/"25-CWR19lYRAgXhHOXfwllpUDHFWas"
Date: Mon, 19 Apr 2021 17:37:11 GMT
Connection: keep-alive
使用以下依赖版本进行测试
"dependencies": {
"express": "4.16.4",
"helmet": "3.21.2"
}