Reputation: 1855
In a recent learning project, I'm using three Express.js applications to separate the project into more manageable pieces.
One application is the "primary" app, the one that listens for connections. The other two are mounted at specific routes on the primary app.
Is it sufficient to call app.disable('x-powered-by'); on the primary app to disable the X-Powered-By header, or would this need to be done in each of the mounted apps as well?
Similarly, I'm looking into using Helmet.js to try and add a bit of additional security to the entire project. Is it enough to include any middleware from Helmet.js on the primary app, or would these also need to be defined in the mounted apps?
I don't feel as though I understand how some settings and middleware affect mounted Express.js apps, and would appreciate further explanation from anyone with more experience.
Edit: After playing with app.disable('x-powered-by') and examining responses from the server, the X-Powered-By header appears if I don't disable it in both the primary application instance and any mounted application instances. I therefore presume Helmet.js middleware operate the same way, but I'm not 100% certain. Can anyone confirm if this is the expected behavior?
Upvotes: 1
Views: 1290
Reputation: 12722
You're right about everything you've said.
It sounds like you're doing something like this:
var express = require('express')
var mainApp = express()
var miniAppA = express()
var miniAppB = express()
mainApp.use('/a', miniAppA)
mainApp.use('/b', miniAppB)
mainApp.listen(3000)
This is an okay way to do things, but headers will be overridden in the sub-apps, as you saw.
You can use Express 4's routers feature to mitigate this. Instead of making new mini-apps with express(), you can use express.Router(). These are Express apps with fewer features (for example, they don't set headers the same way).
Something like this might solve your issue:
var express = require('express')
var mainApp = express()
var miniAppA = express.Router()
var miniAppB = express.Router()
mainApp.use('/a', miniAppA)
mainApp.use('/b', miniAppB)
mainApp.listen(3000)
Upvotes: 2
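A check for the behaviour discussed above, as an added example that is not part of the original question or answer: it parses captured response heads for the primary app and each mount path and flags any path that still sends X-Powered-By or lacks a header expected from Helmet. The sample capture, the function names and the choice of X-Content-Type-Options as the required header are assumptions made for illustration.

```javascript
'use strict';

// Constructed sample capture (not from the question): one raw response head per
// path, as `curl -sI` would print it for the primary app and its two mounts.
const CAPTURED = {
  '/': 'HTTP/1.1 200 OK\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html\r\n\r\n',
  '/a': 'HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nX-Content-Type-Options: nosniff\r\n\r\n',
  '/b': 'HTTP/1.1 200 OK\r\nx-powered-by: Express\r\nContent-Type: text/html\r\n\r\n',
};

// Parse a raw response head into { status, headers }. Header names are
// lower-cased because HTTP header names are case-insensitive.
function parseHead(raw) {
  const lines = raw.split(/\r?\n/);
  const status = Number((lines.shift() || '').split(' ')[1]);
  const headers = Object.create(null);   // no inherited keys such as "constructor"
  for (const line of lines) {
    if (line === '') break;              // a blank line ends the head
    const i = line.indexOf(':');
    if (i < 1) continue;                 // skip malformed lines
    const name = line.slice(0, i).trim().toLowerCase();
    const value = line.slice(i + 1).trim();
    headers[name] = name in headers ? headers[name] + ', ' + value : value;
  }
  return { status, headers };
}

// Report every path whose response discloses a forbidden header or lacks a
// required one. The default policy is an assumption for this example.
function auditMounts(captures, policy = {
  forbidden: ['x-powered-by'],
  required: ['x-content-type-options'],
}) {
  const findings = [];
  for (const [path, raw] of Object.entries(captures)) {
    const { headers } = parseHead(raw);
    const disclosed = policy.forbidden.filter((h) => h in headers);
    const missing = policy.required.filter((h) => !(h in headers));
    if (disclosed.length || missing.length) findings.push({ path, disclosed, missing });
  }
  return findings;
}

console.log(auditMounts(CAPTURED));
```

Feeding it one capture per mount path, rather than only the root, is what catches a sub-app that was configured differently from the primary app.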