less than 1 minute read

I have never imagined I met again this arcane legacy forgery in 202x, but it’s real. From my old memories, I have been prohibited to enable SSI in Apache or nginx from my ethos, higher-self or something that governs me. SSI is very easy to use, but in old days we have faced tons of exploits and this is why SSI is not popular these days. https://crashtest-security.com/server-side-includes/

Anyway this is cheatsheet when you have met SSI code and need to prepare development environment for maintain or fix something in that code.

How to do it

Install node

Install node.

Prepare modules

npm install connect-ssi express

Prepare app.js

Place app.js in the directory of other contents resides.

const express         = require('express');
const path            = require('path');
const connectSSI      = require('connect-ssi');
const app             = express();
const port            = 3000;
const ssiDirectory    = path.join(__dirname, './'); 
const extSSIvalidated = '.html' // The file extension for your SSI files

const ssiMiddleware = connectSSI({
  baseDir: ssiDirectory,
  ext    : extSSIvalidated

console.log(  `Content is located at ${ssiDirectory}`);
app.listen(port, '', () => {
  console.log(`Server is running  at http://localhost:${port}`);

Run it

Run and access to http://localhost:3000.

node app.js