Merge pull request #114 from built-on-openfin/dev/nick/vulns

Remediate medium-severity snyk vulnerabilities

Author: NicholasNewman

how-to/use-dynamic-manifest/basic/server/src/index.ts

@@ -1,8 +1,26 @@
 import express from "express";
+import rateLimit from "express-rate-limit";
 import path from "path";
 
 const app = express();
 
+// Disable X-Powered-By header for security
+app.disable("x-powered-by");
+
+// Configure rate limiting to prevent DoS attacks
+const limiter = rateLimit({
+	windowMs: 15 * 60 * 1000, // 15 minutes
+	max: 100, // Limit each IP to 100 requests per windowMs
+	message: {
+		error: "Too many requests from this IP, please try again later."
+	},
+	standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
+	legacyHeaders: false // Disable the `X-RateLimit-*` headers
+});
+
+// Apply rate limiting to all requests
+app.use(limiter);
+
 const mainPath = path.join(__dirname, "..", "..", "public");
 const port = 5050;
 

how-to/use-logging/use-log-uploader-with-self-hosted-service/server.ts

@@ -5,6 +5,9 @@ import path from "path";
 
 const app = express();
 
+// Disable X-Powered-By header for security
+app.disable("x-powered-by");
+
 app.use(express.json());
 
 // Serve static files from the "public" directory

how-to/use-logging/use-logging-custom-apis/server/src/index.ts

@@ -3,6 +3,9 @@ import multer from "multer";
 import path from "path";
 const app = express();
 
+// Disable X-Powered-By header for security
+app.disable("x-powered-by");
+
 /** COMMON SERVER CONFIGURATION */
 const mainPath = path.join(__dirname, "..", "..", "public");
 const commonPath = path.join(__dirname, "..", "..", "..", "common", "public");