Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to remove the X-Powered-By header when using onRequest() #754

Closed
SDrinkwater opened this issue Aug 9, 2020 · 5 comments
Closed

Comments

@SDrinkwater
Copy link

Related issues

[REQUIRED] Version info

node: 10.20.1

firebase-functions: 3.9.0

firebase-tools: 8.4.2

firebase-admin: 9.0.0

[REQUIRED] Test case

Deploy the following function, or run it locally with the firebase emulator:

import * as express from 'express';
import { https } from 'firebase-functions';

const app = express();
app.disable('x-powered-by');

app.get('/test', (_req, res) => {
  res.status(200).end();
});

export const api = https.onRequest(app);

[REQUIRED] Steps to reproduce

Run the following command in your terminal (update the url to match the project - this example is using the base emulator url):

curl -i http://localhost:5001/{project-name/hosting-location}/api/test

Notice that the x-powered-by header comes back populated with Express.

[REQUIRED] Expected behavior

I would expect to have full control over which headers are returned with the response when using https.onRequest(). Regardless of which approach I use, this header always gets populated.

I have tried the following approaches:

app.disable('x-powered-by')
app.use(function (req, res, next) {  
  res.removeHeader("x-powered-by");
  next();
});
app.set('x-powered-by', false);  

[REQUIRED] Actual behavior

The x-powered-by header always gets populated with Express.

Were you able to successfully deploy your functions?

Yes, everything deploys successfully with no errors.

@google-oss-bot
Copy link
Collaborator

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

@sk-
Copy link
Contributor

sk- commented Aug 12, 2020

@SDrinkwater I think this issue should be raised in https://github.com/GoogleCloudPlatform/functions-framework-nodejs, which is the underlying framework used by cloud functions.

@rhodgkins
Copy link
Contributor

Anyone any ideas how long till the fix in functions-framework-nodejs will be released?

@joehan
Copy link
Contributor

joehan commented May 26, 2021

Hi all, I'm going to close this issue since it is unfortunately out of the control of the maintainers of this repo.

Separately, I've reached out to the maintainers of functions-framework-nodejs to see if there will be a release anytime soon. If I hear back, I will update here. Otherwise, if you are facing this issue, your best bet is to ask about the next release on that repo.

@vpanyushenko
Copy link

For those of you who are still waiting on a fix, I would recommend you just manually change the x-powered-by header to some nonsense value instead of Express. You can do this right before you send the response:

    res.setHeader("x-powered-by", "Whatever you want");
    res.status(200).json({});

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

6 participants