chore(app-vite/docs/ui): disable x-powered-by header (#13318)

Author: Hashen110

app-vite/templates/ssr/server.js

@@ -22,6 +22,10 @@ import compression from 'compression'
 export function create (/* { ... } */) {
   const app = express()
 
+  // attackers can use this header to detect apps running Express
+  // and then launch specifically-targeted attacks
+  app.disable('x-powered-by')
+
   // place here any middlewares that
   // absolutely need to run before anything else
   if (process.env.PROD) {

docs/src-ssr/server.js

@@ -22,6 +22,10 @@ import compression from 'compression'
 export function create (/* { ... } */) {
   const app = express()
 
+  // attackers can use this header to detect apps running Express
+  // and then launch specifically-targeted attacks
+  app.disable('x-powered-by')
+
   // place here any middlewares that
   // absolutely need to run before anything else
   if (process.env.PROD) {

docs/src/pages/quasar-cli-vite/developing-ssr/ssr-webserver.md

@@ -38,6 +38,10 @@ import compression from 'compression'
 export function create (/* { ... } */) {
   const app = express()
 
+  // attackers can use this header to detect apps running Express
+  // and then launch specifically-targeted attacks
+  app.disable('x-powered-by')
+
   // place here any middlewares that
   // absolutely need to run before anything else
   if (process.env.PROD) {

ui/dev/src-ssr/server.js

@@ -22,6 +22,10 @@ import compression from 'compression'
 export function create (/* { ... } */) {
   const app = express()
 
+  // attackers can use this header to detect apps running Express
+  // and then launch specifically-targeted attacks
+  app.disable('x-powered-by')
+
   // place here any middlewares that
   // absolutely need to run before anything else
   if (process.env.PROD) {