From e5d0eb047c9e05ecabdc680bbbb9a196c50f7afe Mon Sep 17 00:00:00 2001
From: Marcel Rengers
Date: Sun, 11 Sep 2022 02:34:29 +0200
Subject: [PATCH] Remove x-powered-by header (#211) (#224)
---
 package.json | 3 ++-
 src/server.js | 3 ++-
 yarn.lock | 5 +++++
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index 8aa65e2..4a7b052 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,8 @@
 "react": "^18.2.0",
 "react-dom": "^18.2.0",
 "react-router-dom": "^6.3.0",
- "serialize-javascript": "^6.0.0"
+ "serialize-javascript": "^6.0.0",
+ "helmet": "^6.0.0"
 },
 "devDependencies": {
 "@babel/core": "^7.19.0",
diff --git a/src/server.js b/src/server.js
index a221cad..30d01d5 100644
--- a/src/server.js
+++ b/src/server.js
@@ -32,6 +32,7 @@ const jsScriptTagsFromAssets = (assets, entrypoint, extra = '') => {
 const theme = runtimeConfig.THEME === 'Dark' ? 'dark.css' : 'light.css';
+const helmet = require('helmet');
 const server = express();
 if (process.env.NODE_ENV === 'production') {
@@ -55,7 +56,7 @@ if (process.env.NODE_ENV === 'production') {
 }
 server
- .disable('x-powered-by')
+ .use(helmet.hidePoweredBy())
 .use(express.static(process.env.RAZZLE_PUBLIC_DIR))
 .get('/', (req, res) => {
 const context = {};
diff --git a/yarn.lock b/yarn.lock
index 20d00a7..00c1b01 100644
--- a/yarn.lock
+++ b/yarn.lock
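Review bot: In the first src/server.js hunk, `const helmet = require('helmet');` is declared between the `theme` constant and `const server = express();` instead of alongside the module's other imports. The top of the file is outside this hunk, so its import style is not visible here. If it uses ES `import` statements, `import helmet from 'helmet';` at the top would avoid mixing module syntaxes; otherwise move the `require` up next to the existing ones. Keeping every dependency load in one place also makes it easier to audit what the server process pulls in.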
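Review bot: In the second src/server.js hunk, `.use(helmet.hidePoweredBy())` has the same effect as the `.disable('x-powered-by')` call it replaces, so the commit adds a runtime dependency (package.json, yarn.lock) without changing any response header. Express's built-in setting stops the header from being written at all, whereas the middleware strips it again on every request. Helmet's own documentation points Express users to `app.disable('x-powered-by')`. Either keep `.disable('x-powered-by')` and drop the dependency, or, if Helmet is wanted, use it for headers Express does not handle itself, e.g. `.use(helmet())`, after checking that its default Content-Security-Policy does not block any inline scripts the rendered page emits. The chained `server` expression continues past the end of the hunk.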
@@ -4600,6 +4600,11 @@ he@^1.2.0: resolved "https://registry.yarnpkg.com/he/-/he-1.2.0.tgz#84ae65fa7eafb165fddb61566ae14baf05664f0f" integrity sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw== +helmet@^6.0.0: + version "6.0.0" + resolved "https://registry.yarnpkg.com/helmet/-/helmet-6.0.0.tgz#8e183820ddccd7729a206ad73c577b264f495595" + integrity sha512-FO9RpR1wNJepH/GbLPQVtkE2eESglXL641p7SdyoT4LngHFJcZheHMoyUcjCZF4qpuMMO1u5q6RK0l9Ux8JBcg== + hex-color-regex@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/hex-color-regex/-/hex-color-regex-1.1.0.tgz#4c06fccb4602fe2602b3c93df82d7e7dbf1a8a8e"