From f8bb39a512e6427eb333cf509634190a38c334fc Mon Sep 17 00:00:00 2001
From: Jahred Hope
Date: Thu, 9 May 2019 15:59:27 +1000
Subject: [PATCH] fix(Server): Disable x-powered-by in production
---
 entry/server/server.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/entry/server/server.js b/entry/server/server.js
index 13541a6f4..5a25eb8cc 100644
--- a/entry/server/server.js
+++ b/entry/server/server.js
@@ -18,6 +18,12 @@ if (env === 'development') {
 app.use(express.static(path.join(__dirname, './')));
 }
 
+if (env !== 'development') {
+ // Disable x-powered-by header according to Express Best Practice
+ // https://expressjs.com/en/advanced/best-practice-security.html#at-a-minimum-disable-x-powered-by-header
+ app.disable('x-powered-by');
+}
+
 if (middleware) {
 app.use(middleware);
 }
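Review bot: The `env !== 'development'` guard around `app.disable('x-powered-by')` makes removal of the header depend on how `env` is derived, which happens outside this hunk. If `env` falls back to 'development' when the environment variable is unset, a production deployment missing that variable would still advertise Express. Nothing visible here needs the header in development, so I would drop the condition and call `app.disable('x-powered-by');` unconditionally, which also keeps development and production responses identical. The comment could also say that this only reduces framework fingerprinting and does not replace the other header hardening described on the linked page.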