From 9dc708816402278fb74b069f7b069da66e164329 Mon Sep 17 00:00:00 2001
From: missinglink <insomnia@rcpt.at>
Date: Mon, 4 Nov 2019 15:38:11 +0100
Subject: [PATCH] feat(security): disallow robots from crawling the API

---
 app.js               | 1 +
 middleware/robots.js | 9 +++++++++
 2 files changed, 10 insertions(+)
 create mode 100644 middleware/robots.js

diff --git a/app.js b/app.js
index b6355b958..f27d173c8 100644
--- a/app.js
+++ b/app.js
@@ -10,6 +10,7 @@ if( peliasConfig.api.accessLog ){
 
 app.use( require('./middleware/headers') );
 app.use( require('./middleware/cors') );
+app.use( require('./middleware/robots') );
 app.use( require('./middleware/options') );
 app.use( require('./middleware/jsonp') );
 
diff --git a/middleware/robots.js b/middleware/robots.js
new file mode 100644
index 000000000..c3114e9cf
--- /dev/null
+++ b/middleware/robots.js
@@ -0,0 +1,9 @@
+// Prevent search engines from attempting to index the API
+// https://developers.google.com/search/reference/robots_meta_tag#xrobotstag
+
+function middleware(req, res, next) {
+  res.header('X-Robots-Tag', 'none');
+  next();
+}
+
+module.exports = middleware;
\ No newline at end of file