149

我想删除 X-Powered-By 以确保安全,在 ExpressJS(node.js)中保存带宽。怎么做?可能是 filter(app.use) ?

app.use(function(req,res,next_cb){ /* remove X-Powered-By header */ next_cb(); }
4

3 回答 3

313

不要删除它;要求 Express 首先不要生成它:

https://stackoverflow.com/a/12484642/506073

转到您的app.js,然后:

var app = express();

添加:

app.disable('x-powered-by');
于 2012-10-24T18:32:48.430 回答
228

更好的方法是:

app.disable('x-powered-by');

您还可以制作一个中间件来删除任何标头,如下所示:

app.use(function (req, res, next) {
  res.removeHeader("X-Powered-By");
  next();
});

查看有关如何删除标头的更多信息:

http://nodejs.org/api/http.html#http_response_removeheader_name

于 2012-05-23T10:31:02.727 回答
8

中间件片段来自:Can't get rid of header X-Powered-By:Express

function customHeaders( req, res, next ){
  // Switch off the default 'X-Powered-By: Express' header
  app.disable( 'x-powered-by' );

  // OR set your own header here
  res.setHeader( 'X-Powered-By', 'Awesome App v0.0.1' );

  // .. other headers here

  next();
}

app.use( customHeaders );

// ... now your code goes here
于 2012-10-28T20:10:54.177 回答