From a9b252b8fa5ae3cafb1fbadf421095fadeb8fe02 Mon Sep 17 00:00:00 2001 From: Nick O'Leary Date: Tue, 8 Jun 2021 21:17:42 +0100 Subject: [PATCH] Ensure httpServerOptions gets applied to ALL the express apps This is silly. Turns out setting options at a top level app does not percolate down to sub apps (and vice versa). You have to apply the options to ALL express apps. --- .../@node-red/editor-api/lib/admin/index.js | 9 +++++++++ .../@node-red/editor-api/lib/editor/index.js | 10 ++++++---- .../node_modules/@node-red/editor-api/lib/index.js | 8 ++++++++ packages/node_modules/node-red/red.js | 10 ++++++++++ 4 files changed, 33 insertions(+), 4 deletions(-) diff --git a/packages/node_modules/@node-red/editor-api/lib/admin/index.js b/packages/node_modules/@node-red/editor-api/lib/admin/index.js index cf3505439..be9bb5317 100644 --- a/packages/node_modules/@node-red/editor-api/lib/admin/index.js +++ b/packages/node_modules/@node-red/editor-api/lib/admin/index.js @@ -39,6 +39,15 @@ module.exports = { var adminApp = express(); + var defaultServerSettings = { + "x-powered-by": false + } + var serverSettings = Object.assign({},defaultServerSettings,settings.httpServerOptions||{}); + for (var eOption in serverSettings) { + adminApp.set(eOption, serverSettings[eOption]); + } + + // Flows adminApp.get("/flows",needsPermission("flows.read"),flows.get,apiUtil.errorHandler); adminApp.post("/flows",needsPermission("flows.write"),flows.post,apiUtil.errorHandler); diff --git a/packages/node_modules/@node-red/editor-api/lib/editor/index.js b/packages/node_modules/@node-red/editor-api/lib/editor/index.js index 6943027c2..f210d90fe 100644 --- a/packages/node_modules/@node-red/editor-api/lib/editor/index.js +++ b/packages/node_modules/@node-red/editor-api/lib/editor/index.js @@ -64,10 +64,12 @@ module.exports = { } }); } - if (settings.httpServerOptions) { - for (var eOption in settings.httpServerOptions) { - editorApp.set(eOption, settings.httpServerOptions[eOption]); - } + var defaultServerSettings = { + "x-powered-by": false + } + var serverSettings = Object.assign({},defaultServerSettings,settings.httpServerOptions||{}); + for (var eOption in serverSettings) { + editorApp.set(eOption, serverSettings[eOption]); } editorApp.get("/",ensureRuntimeStarted,ui.ensureSlash,ui.editor); diff --git a/packages/node_modules/@node-red/editor-api/lib/index.js b/packages/node_modules/@node-red/editor-api/lib/index.js index f66e9094b..258e6e514 100644 --- a/packages/node_modules/@node-red/editor-api/lib/index.js +++ b/packages/node_modules/@node-red/editor-api/lib/index.js @@ -64,6 +64,14 @@ function init(settings,_server,storage,runtimeAPI) { } } + var defaultServerSettings = { + "x-powered-by": false + } + var serverSettings = Object.assign({},defaultServerSettings,settings.httpServerOptions||{}); + for (var eOption in serverSettings) { + adminApp.set(eOption, serverSettings[eOption]); + } + auth.init(settings,storage); var maxApiRequestSize = settings.apiMaxLength || '5mb'; diff --git a/packages/node_modules/node-red/red.js b/packages/node_modules/node-red/red.js index 436537873..2b934fb56 100755 --- a/packages/node_modules/node-red/red.js +++ b/packages/node_modules/node-red/red.js @@ -194,6 +194,16 @@ if (process.env.NODE_RED_ENABLE_PROJECTS) { settings.editorTheme.projects.enabled = !/^false$/i.test(process.env.NODE_RED_ENABLE_PROJECTS); } + +var defaultServerSettings = { + "x-powered-by": false +} +var serverSettings = Object.assign({},defaultServerSettings,settings.httpServerOptions||{}); +for (var eOption in serverSettings) { + app.set(eOption, serverSettings[eOption]); +} + + // Delay logging of (translated) messages until the RED object has been initialized var delayedLogItems = [];