Issue
I’m using Next to create a web app, and I want to remove x-powered-by from response header, I tried to create custom server and use expressjs .disable('x-powered-by') but it didn’t work.
here is what I’ve done:
const express = require('express')
const next = require('next')
const port = parseInt(process.env.PORT, 10) || 3001
const dev = process.env.NODE_ENV !== 'production'
const app = next({ dev })
const handle = app.getRequestHandler()
app.prepare()
.then(() => {
const server = express()
.use(handle)
server.disable('x-powered-by'); // ???
server.listen(port, (err) => {
if (err) throw err
console.log(`> Ready on http://localhost:${port}`)
})
})
Solution
The following code works. What you are doing here is correct to remove X-Powered-By header from Express. Because you are using Next you need to disable both Next and Express X-Powered-By header.
I did not find api from Next to disable. But you can directly change the object app.config.poweredByHeader = false
const express = require('express')
const next = require('next')
const port = parseInt(process.env.PORT, 10) || 3001
const dev = process.env.NODE_ENV !== 'production'
const app = next({ dev })
const handle = app.getRequestHandler()
app.config.poweredByHeader = false
app.prepare()
.then(() => {
const server = express().use(handle)
server.disable('x-powered-by'); // This disables Express Header
server.listen(port, (err) => {
if (err) throw err
console.log(`> Ready on http://localhost:${port}`)
})
})