From 6e0f0f92affb00e12db8d7e8245b17e0aa390943 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=A9l=C3=A8ne=20Martin?= <ln@getodk.org>
Date: Wed, 20 Mar 2024 21:37:30 -0700
Subject: [PATCH 1/2] Remove X-Powered-By header

---
 lib/http/service.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/http/service.js b/lib/http/service.js
index 2e586f469..6b0c99a17 100644
--- a/lib/http/service.js
+++ b/lib/http/service.js
@@ -13,6 +13,7 @@
 
 module.exports = (container) => {
   const service = require('express')();
+  service.disable('x-powered-by');
 
   ////////////////////////////////////////////////////////////////////////////////
   // PRERESOURCE MIDDLEWARE

From ad0e2fc0b0426635d113244e9e34a6e3d3757e18 Mon Sep 17 00:00:00 2001
From: alxndrsn <alxndrsn>
Date: Thu, 21 Mar 2024 09:11:07 +0000
Subject: [PATCH 2/2] Add test for X-Powered-By header

---
 test/integration/other/http-headers.js | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 test/integration/other/http-headers.js

diff --git a/test/integration/other/http-headers.js b/test/integration/other/http-headers.js
new file mode 100644
index 000000000..9b80754cf
--- /dev/null
+++ b/test/integration/other/http-headers.js
@@ -0,0 +1,9 @@
+const should = require('should');
+const { testService } = require('../setup');
+
+describe('http-headers', () => {
+  it('should not include x-powered-by header', testService(async (service) => {
+    const { headers } = await service.get('/v1/users/current');
+    should(headers['x-powered-by']).be.undefined();
+  }));
+});