Let's turn on all debug logging:
DEBUG=* node index.js
As soon as we start the server, we see some debug output that should be something like the following screenshot:
The first message is as follows:
express:application set "x-powered-by" to true +0ms
Let's make a mental note to add app.disable('x-powered-by') since it's much better for security to not publicly announce the software a server is using.
For more on security and server hardening, see Chapter 8, Dealing with Security.
This debug log line has helped us to understand how our chosen framework actually behaves, and allows us to mitigate any undesired behaviour in an informed manner.
Now let's make a request to the server. If we have curl installed we can do the following:
$ curl http://localhost:3000/some.css
(Or otherwise, we can simply use a browser to access the same route).
This results in more debug output, mostly a very large amount of stylus debug logs:
While it's interesting to see the Stylus parser at work, it's a little overwhelming. Let's try just looking only at express log output:
$ DEBUG=express:* node index.js
And we'll make a request again (we can use curl or a browser as appropriate):
$ curl http://localhost:3000/some.css
This time our log filtering enabled us to easily see the debug messages for an incoming request.