I'm using Next to create a web app, and I want to remove x-powered-by
from response header, I tried to create custom server and use expressjs .disable('x-powered-by')
but it didn't work.
here is what I've done:
const express = require('express')
const next = require('next')
const port = parseInt(process.env.PORT, 10) || 3001
const dev = process.env.NODE_ENV !== 'production'
const app = next({ dev })
const handle = app.getRequestHandler()
app.prepare()
.then(() => {
const server = express()
.use(handle)
server.disable('x-powered-by'); // ???
server.listen(port, (err) => {
if (err) throw err
console.log(`> Ready on http://localhost:${port}`)
})
})
disable method. app. disable('x-powered-by'); to disable the 'x-powered-by' option which removes the X-Powered-By response header in our Express app.
By default, ExpressJS with NodeJS will return a X-Powered-By header. I wasn't overly impressed by this but it's easy to remove. In your application configuration, at the top, add a new middleware function which removes the header. res.
The simplest way to fix any CORS issues in React and Next. js is actually not to change anything in React or Next. js but instead to fix your server to allow requests from them. If you cannot change the server, both React and Next.
The X-Powered-By header describes the technologies used by the webserver. This information exposes the server to attackers. Using the information in this header, attackers can find vulnerabilities easier.
For me when I use server.disable('x-powered-by');
, was ended up with Next.js 7.0.2
as x-powered-by
value.
adding below line in next.config.js
should work
module.exports = {
poweredByHeader: false,
...
}
or
const app = next({ dev, xPoweredBy: false })
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With