I am trying to remove the "x-powered-by" header from all Node-RED API responses because of a pentest finding.
As I see this should have already been done:
But it seems, that for theme path the header is still set.
https://localhost:1880/theme
https://localhost:1880/theme/login/node-red-256-P.png
Response-Header:
X-Powered-By: Express
Node v16.20.0
Node-RED v3.0.2
Can you raise an issue on GitHub so it can be looked at?
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy