In Node.js/Express, how do I automatically add this header to every "render" response?
// global controllerapp.get('/*',function(req,res,next){ res.header('X-XSS-Protection' , 0 ); next(); // http://expressjs.com/guide.html#passing-route control});
Just make sure this is the first controller you add, order is significant.
For express 4.x, the idiomatic way is as follows:
Implementation
// no mount path; executed for every request.app.use(function (req, res, next) { res.set('X-XSS-Protection', 0); next();});
Test
describe('Response Headers', function () { it('responds with header X-XSS-Protection: 0', function (done) { hippie(app) .get('/any/route/you/can/think/of') .expectHeader('X-XSS-Protection', 0) .end(done); });});
Dev Dependencies (for tests to work)
% npm install --save-dev mocha hippie