fix: don't advertise express
Adding an "x-powered-by" header is considered a security issue.
cgawron committed Apr 10, 2024
1 parent 0fb9d04 commit 9fd1da9
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions src/index.ts
@@ -23,7 +23,8 @@ const logger = createLogger({
});

const app = express();

// don't advertise that we are using express
app.set('x-powered-by', false);

export const CLIENT_ID = process.env.CLIENT_ID;
export const CLIENT_SECRET = process.env.CLIENT_SECRET;
@@ -299,7 +300,8 @@ app.use(`${PREFIX}*`,
return proxyReqOpts;
},
proxyReqBodyDecorator: function (bodyContent, srcReq) {
logger.debug('bodyContent', bodyContent, srcReq.body, srcReq.headers);
logger.debug('bodyContent1', srcReq.body, srcReq.headers);
logger.debug('bodyContent2', bodyContent);
if (!srcReq.body || srcReq.method === 'GET') {
logger.debug('no body content in GET request')
return "";
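Review bot: The two `logger.debug` calls in `proxyReqBodyDecorator` still write the complete `srcReq.headers` object and the request body to the log, so any `Authorization` or `Cookie` header and any credentials in a proxied body are persisted wherever debug output is collected. Since this file also exports `CLIENT_ID` and `CLIENT_SECRET`, the proxied traffic presumably carries tokens, which would make this a larger exposure than the `X-Powered-By` banner this commit removes. I would log metadata only, for example `logger.debug('proxy request', { method: srcReq.method, contentType: srcReq.headers['content-type'], hasBody: Boolean(srcReq.body) });`, or pass the headers through a redaction helper before logging. The decorator's body continues past the end of the hunk, so any later log statements there should be checked the same way.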
