remove header X-powered-by Express using @types/express

Question

I have to remove X-powered-by Express header, I found theses solution

app.disable('x-powered-by');

or

app.use(function (req, res, next) {
  res.removeHeader("X-Powered-By");
  next();
});

but in this project we don't use express in a basic way, we import Express this way in multiple files

import {Express} from 'express'; // @types/Express

and then we call Express.multer.file

I'm new on this project and also on backend development, so how can I remove this header using this way and not the basic way ?

Does this answer your question? [Can't get rid of header X-Powered-By:Express](https://stackoverflow.com/questions/5867199/cant-get-rid-of-header-x-powered-byexpress) — Njuguna Mureithi, May 25 '22 at 09:44
no because there is no const app = express() in the whole application — zedArt, May 25 '22 at 09:46
So what are you using? At some point you need to have that to use express, or you are using different framework? — Seti, May 25 '22 at 09:53

score 3 · Answer 1 · answered May 25 '22 at 11:31

3

You can still use it the "basic" way:

import express, { Express } from 'express';

const app: Express = express();

app.disable('x-powered-by');

answered May 25 '22 at 11:31

robertklep

198,204
35
394
381

on all files whene we import {Express} ? – zedArt May 25 '22 at 12:03
@zedArt no, but at least in one file your project will be creating an Express application. Just using `Express`, the _type_, isn't enough to create a server. – robertklep May 25 '22 at 12:42

akadirdev · Answer 2 · 2022-05-25T11:00:15.907

0

You can remove header in sequence.ts file like this.

export class MySequence extends MiddlewareSequence {
   async handle(context: RequestContext) {
      const res = context.response;
      res.removeHeader('X-Powered-By');

      await super.handle(context);
   }
}

or use helmet package for security of headers. thus remove headers telling how software is developed

edited May 25 '22 at 11:00

answered May 25 '22 at 10:37

akadirdev

70
7

I have a sequence.ts file where there is only this : export class MySequence extends MiddlewareSequence {} I add your recommendation code but how can I test it, if I run website the header is still there – zedArt May 25 '22 at 10:48
When i test any endpoint in postman, i can't see this header – akadirdev May 25 '22 at 11:02

score 0 · Accepted Answer · answered May 26 '22 at 08:14

0

so, the solution I found was in loopback documentation - Express settings

I just add this to my rest config object :

  const config = {
    rest: {
      expressSettings: {
        'x-powered-by': false,
      },
      ...
      ...
    }
   }

answered May 26 '22 at 08:14

zedArt

487
1
10
27

score 0 · Answer 4 · answered Feb 01 '23 at 10:06

0

In case anyone looking for the way to disable it for tinyhttp:

import { App } from '@tinyhttp/app';

const app = new App({
  settings: {
    xPoweredBy: false
  }
});

answered Feb 01 '23 at 10:06

Mechanic

5,015
4
15
38

remove header X-powered-by Express using @types/express

4 Answers4