freeCodeCamp/curriculum/challenges/chinese/09-information-security/information-security-with-helmetjs/hide-potentially-dangerous-information-using-helmet.hidepoweredby.md

---
id: 587d8247367417b2b2512c37
title: 使用 helmet.hidePoweredBy() 隐藏潜在的危险信息
challengeType: 2
forumTopicId: 301580
dashedName: hide-potentially-dangerous-information-using-helmet-hidepoweredby
---

# --description--

请注意，本项目在[这个 Repl.it 项目](https://replit.com/github/freeCodeCamp/boilerplate-infosec)的基础上进行开发。你也可以从 [GitHub](https://github.com/freeCodeCamp/boilerplate-infosec/) 上克隆。

如果黑客发现你的网站是用 Express 搭建的，那么他们就可以利用 Express 或 Node 现存的漏洞来攻击你的网站。 `X-Powered-By: Express` 默认在来自 Express 的每个请求中被发送。 使用 `helmet.hidePoweredBy()` 中间件来移除 X-Powered-By 头。

# --hints--

应正确地安装 helmet.hidePoweredBy() 中间件

```js
(getUserInput) =>
  $.get(getUserInput('url') + '/_api/app-info').then(
    (data) => {
      assert.include(data.appStack, 'hidePoweredBy');
      assert.notEqual(data.headers['x-powered-by'], 'Express');
    },
    (xhr) => {
      throw new Error(xhr.responseText);
    }
  );
```

# --solutions--

```js
/**
  Backend challenges don't need solutions, 
  because they would need to be tested against a full working project. 
  Please check our contributing guidelines to learn more.
*/
```
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 18:03:03 -04:00			`---`
			`id: 587d8247367417b2b2512c37`
chore(i18n,chn): manually downloaded curriculum (#42858) 2021-07-15 13:04:11 +05:30			`title: 使用 helmet.hidePoweredBy() 隐藏潜在的危险信息`
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 18:03:03 -04:00			`challengeType: 2`
feat(i18n/Chinese): add translation of Information Security with HelmetJS (2/4) (#39540) 2020-09-17 03:53:22 -07:00			`forumTopicId: 301580`
feat(curriculum): restore seed + solution to Chinese (#40683) * feat(tools): add seed/solution restore script * chore(curriculum): remove empty sections' markers * chore(curriculum): add seed + solution to Chinese * chore: remove old formatter * fix: update getChallenges parse translated challenges separately, without reference to the source * chore(curriculum): add dashedName to English * chore(curriculum): add dashedName to Chinese * refactor: remove unused challenge property 'name' * fix: relax dashedName requirement * fix: stray tag Remove stray `pre` tag from challenge file. Signed-off-by: nhcarrigan <nhcarrigan@gmail.com> Co-authored-by: nhcarrigan <nhcarrigan@gmail.com> 2021-01-13 03:31:00 +01:00			`dashedName: hide-potentially-dangerous-information-using-helmet-hidepoweredby`
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 18:03:03 -04:00			`---`

chore(learn): Applied MDX format to Chinese curriculum files (#40462) 2020-12-16 00:37:30 -07:00			`# --description--`
feat(i18n/Chinese): add translation of Information Security with HelmetJS (2/4) (#39540) 2020-09-17 03:53:22 -07:00
chore(i18n,chn): manually downloaded curriculum (#42858) 2021-07-15 13:04:11 +05:30			`请注意，本项目在[这个 Repl.it 项目](https://replit.com/github/freeCodeCamp/boilerplate-infosec)的基础上进行开发。你也可以从 [GitHub](https://github.com/freeCodeCamp/boilerplate-infosec/) 上克隆。`
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 18:03:03 -04:00
chore(i18n,chn): manually downloaded curriculum (#42858) 2021-07-15 13:04:11 +05:30			如果黑客发现你的网站是用 Express 搭建的，那么他们就可以利用 Express 或 Node 现存的漏洞来攻击你的网站。 `X-Powered-By: Express` 默认在来自 Express 的每个请求中被发送。使用 `helmet.hidePoweredBy()` 中间件来移除 X-Powered-By 头。
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 18:03:03 -04:00
chore(learn): Applied MDX format to Chinese curriculum files (#40462) 2020-12-16 00:37:30 -07:00			`# --hints--`
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 18:03:03 -04:00
chore(i18n,chn): manually downloaded curriculum (#42858) 2021-07-15 13:04:11 +05:30			`应正确地安装 helmet.hidePoweredBy() 中间件`
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 18:03:03 -04:00
			```js
chore(learn): Applied MDX format to Chinese curriculum files (#40462) 2020-12-16 00:37:30 -07:00			`(getUserInput) =>`
			`$.get(getUserInput('url') + '/_api/app-info').then(`
			`(data) => {`
			`assert.include(data.appStack, 'hidePoweredBy');`
			`assert.notEqual(data.headers['x-powered-by'], 'Express');`
			`},`
			`(xhr) => {`
			`throw new Error(xhr.responseText);`
			`}`
			`);`
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 18:03:03 -04:00			```
fix: insert blank line after ``` search and replace ```\n< with ```\n\n< to ensure there's an empty line before closing tags 2020-08-13 17:24:35 +02:00
chore(learn): Applied MDX format to Chinese curriculum files (#40462) 2020-12-16 00:37:30 -07:00			`# --solutions--`

feat(curriculum): restore seed + solution to Chinese (#40683) * feat(tools): add seed/solution restore script * chore(curriculum): remove empty sections' markers * chore(curriculum): add seed + solution to Chinese * chore: remove old formatter * fix: update getChallenges parse translated challenges separately, without reference to the source * chore(curriculum): add dashedName to English * chore(curriculum): add dashedName to Chinese * refactor: remove unused challenge property 'name' * fix: relax dashedName requirement * fix: stray tag Remove stray `pre` tag from challenge file. Signed-off-by: nhcarrigan <nhcarrigan@gmail.com> Co-authored-by: nhcarrigan <nhcarrigan@gmail.com> 2021-01-13 03:31:00 +01:00			```js
			`/**`
			`Backend challenges don't need solutions,`
			`because they would need to be tested against a full working project.`
			`Please check our contributing guidelines to learn more.`
			`*/`
			```