Application Object

The app object conventionally denotes the Express application. Create it by calling the top-level express() function exported by the Express module:

var express = require('express');
var app = express();

app.get('/', function (req, res) {
  res.send('hello world');
});

app.listen(3000);

The app object has methods for

Routing HTTP requests; see for example, app.METHOD and app.param.
Configuring middleware; see app.route.
Rendering HTML views; see app.render.
Registering a template engine; see app.engine.

It also has settings (properties) that affect how the application behaves; for more information, see Application settings.

Note

The Express application object can be referred from the request object and the response object as req.app, and res.app, respectively.

Properties

app.locals

The app.locals object has properties that are local variables within the application, and will be available in templates rendered with res.render.

Warning

The locals object is used by view engines to render a response. The object keys may be particularly sensitive and should not contain user-controlled input, as it may affect the operation of the view engine or provide a path to cross-site scripting. Consult the documentation for the used view engine for additional considerations.

console.dir(app.locals.title);
// => 'My App'

console.dir(app.locals.email);
// => '[email protected]'

Once set, the value of app.locals properties persist throughout the life of the application, in contrast with res.locals properties that are valid only for the lifetime of the request.

You can access local variables in templates rendered within the application. This is useful for providing helper functions to templates, as well as application-level data. Local variables are available in middleware via req.app.locals (see req.app)

app.locals.title = 'My App';
app.locals.strftime = require('strftime');
app.locals.email = '[email protected]';

app.mountpath

The app.mountpath property contains one or more path patterns on which a sub-app was mounted.

Note

A sub-app is an instance of express that may be used for handling the request to a route.

const express = require('express');

const app = express(); // the main app
const admin = express(); // the sub app

admin.get('/', (req, res) => {
  console.log(admin.mountpath); // /admin
  res.send('Admin Homepage');
});

app.use('/admin', admin); // mount the sub app

It is similar to the baseUrl property of the req object, except req.baseUrl returns the matched URL path, instead of the matched patterns.

If a sub-app is mounted on multiple path patterns, app.mountpath returns the list of patterns it is mounted on, as shown in the following example.

const admin = express();

admin.get('/', (req, res) => {
  console.log(admin.mountpath); // [ '/adm{*splat}n', '/manager' ]
  res.send('Admin Homepage');
});

const secret = express();
secret.get('/', (req, res) => {
  console.log(secret.mountpath); // /secr{*splat}t
  res.send('Admin Secret');
});

admin.use('/secr{*splat}t', secret); // load the 'secret' router on '/secr{*splat}t', on the 'admin' sub app
app.use(['/adm{*splat}n', '/manager'], admin); // load the 'admin' router on '/adm{*splat}n' and '/manager', on the parent app

app.router

The application’s in-built instance of router. This is created lazily, on first access.

const express = require('express');
const app = express();
const router = app.router;

router.get('/', (req, res) => {
  res.send('hello world');
});

app.listen(3000);

You can add middleware and HTTP method routes to the router just like an application.

For more information, see Router.

Events

app.on(‘mount’, callback(parent))

The mount event is fired on a sub-app, when it is mounted on a parent app. The parent app is passed to the callback function.

Note

NOTE

Sub-apps will:

Not inherit the value of settings that have a default value. You must set the value in the sub-app.
Inherit the value of settings with no default value.

For details, see Application settings.

const admin = express();

admin.on('mount', (parent) => {
  console.log('Admin Mounted');
  console.log(parent); // refers to the parent app
});

admin.get('/', (req, res) => {
  res.send('Admin Homepage');
});

app.use('/admin', admin);

Methods

app.all(path, callback [, callback …])

This method is like the standard app.METHOD() methods, except it matches all HTTP verbs.

Arguments

Argument	Description	Default
`path`	The path for which the middleware function is invoked. It can be any of the following: a string representing a path, a path pattern, a regular expression pattern to match paths, or an array containing any combination of the above. For examples, see Path examples.	`'/'` (root path)
`callback`	One or more callback functions. Accepted formats: a single middleware function, multiple middleware functions separated by commas, an array of middleware functions, or a combination of the above. You may provide multiple callbacks that behave like middleware. These can call `next('route')` to skip remaining callbacks for the current route. This is useful for conditional routing logic. If a callback throws an error or returns a rejected promise, `next(err)` is invoked automatically. Since both router and app implement the middleware interface, they can also be used as callback middleware. For examples, see Middleware callback function examples.	None

Examples

The following callback is executed for requests to /secret whether using GET, POST, PUT, DELETE, or any other HTTP request method:

app.all('/secret', (req, res, next) => {
  console.log('Accessing the secret section ...');
  next(); // pass control to the next handler
});

The app.all() method is useful for mapping “global” logic for specific path prefixes or arbitrary matches. For example, if you put the following at the top of all other route definitions, it requires that all routes from that point on require authentication, and automatically load a user. Keep in mind that these callbacks do not have to act as end-points: loadUser can perform a task, then call next() to continue matching subsequent routes.

app.all('{*splat}', requireAuthentication, loadUser);

Or the equivalent:

app.all('{*splat}', requireAuthentication);
app.all('{*splat}', loadUser);

Another example is white-listed “global” functionality. The example is similar to the ones above, but it only restricts paths that start with “/api”:

app.all('/api/{*splat}', requireAuthentication);

app.delete(path, callback [, callback …])

Routes HTTP DELETE requests to the specified path with the specified callback functions. For more information, see the routing guide.

Arguments

Argument	Description	Default
`path`	The path for which the middleware function is invoked. It can be any of the following: a string representing a path, a path pattern, a regular expression pattern to match paths, or an array containing any combination of the above. For examples, see Path examples.	`'/'` (root path)
`callback`	One or more callback functions. Accepted formats: a single middleware function, multiple middleware functions separated by commas, an array of middleware functions, or a combination of the above. You may provide multiple callbacks that behave like middleware. These can call `next('route')` to skip remaining callbacks for the current route. This is useful for conditional routing logic. If a callback throws an error or returns a rejected promise, `next(err)` is invoked automatically. Since both router and app implement the middleware interface, they can also be used as callback middleware. For examples, see Middleware callback function examples.	None

Example

app.delete('/', (req, res) => {
  res.send('DELETE request to homepage');
});

app.disable(name)

Sets the Boolean setting name to false, where name is one of the properties from the app settings table. Calling app.set('foo', false) for a Boolean property is the same as calling app.disable('foo').

For example:

app.disable('trust proxy');
app.get('trust proxy');
// => false

app.disabled(name)

Returns true if the Boolean setting name is disabled (false), where name is one of the properties from the app settings table.

app.disabled('trust proxy');
// => true

app.enable('trust proxy');
app.disabled('trust proxy');
// => false

app.enable(name)

Sets the Boolean setting name to true, where name is one of the properties from the app settings table. Calling app.set('foo', true) for a Boolean property is the same as calling app.enable('foo').

app.enable('trust proxy');
app.get('trust proxy');
// => true

app.enabled(name)

Returns true if the setting name is enabled (true), where name is one of the properties from the app settings table.

app.enabled('trust proxy');
// => false

app.enable('trust proxy');
app.enabled('trust proxy');
// => true

app.engine(ext, callback)

Registers the given template engine callback as ext.

By default, Express will require() the engine based on the file extension. For example, if you try to render a “foo.pug” file, Express invokes the following internally, and caches the require() on subsequent calls to increase performance.

app.engine('pug', require('pug').__express);

Use this method for engines that do not provide .__express out of the box, or if you wish to “map” a different extension to the template engine.

For example, to map the EJS template engine to “.html” files:

app.engine('html', require('ejs').renderFile);

In this case, EJS provides a .renderFile() method with the same signature that Express expects: (path, options, callback), though note that it aliases this method as ejs.__express internally so if you’re using “.ejs” extensions you don’t need to do anything.

Some template engines do not follow this convention. The consolidate.js library maps Node template engines to follow this convention, so they work seamlessly with Express.

const engines = require('consolidate');
app.engine('haml', engines.haml);
app.engine('html', engines.hogan);

app.get(name)

Returns the value of name app setting, where name is one of the strings in the app settings table. For example:

app.get('title');
// => undefined

app.set('title', 'My Site');
app.get('title');
// => "My Site"

app.get(path, callback [, callback …])

Routes HTTP GET requests to the specified path with the specified callback functions.

Arguments

Argument	Description	Default
`path`	The path for which the middleware function is invoked. It can be any of the following: a string representing a path, a path pattern, a regular expression pattern to match paths, or an array containing any combination of the above. For examples, see Path examples.	`'/'` (root path)
`callback`	One or more callback functions. Accepted formats: a single middleware function, multiple middleware functions separated by commas, an array of middleware functions, or a combination of the above. You may provide multiple callbacks that behave like middleware. These can call `next('route')` to skip remaining callbacks for the current route. This is useful for conditional routing logic. If a callback throws an error or returns a rejected promise, `next(err)` is invoked automatically. Since both router and app implement the middleware interface, they can also be used as callback middleware. For examples, see Middleware callback function examples.	None

For more information, see the routing guide.

Example

app.get('/', (req, res) => {
  res.send('GET request to homepage');
});

app.listen(path, [callback])

Starts a UNIX socket and listens for connections on the given path. This method is identical to Node’s http.Server.listen().

const express = require('express');
const app = express();
app.listen('/tmp/sock');

app.listen([port[, host[, backlog]]][, callback])

Binds and listens for connections on the specified host and port. This method is identical to Node’s http.Server.listen().

If port is omitted or is 0, the operating system will assign an arbitrary unused port, which is useful for cases like automated tasks (tests, etc.).

const express = require('express');
const app = express();
app.listen(3000);

The app returned by express() is in fact a JavaScript Function, designed to be passed to Node’s HTTP servers as a callback to handle requests. This makes it easy to provide both HTTP and HTTPS versions of your app with the same code base, as the app does not inherit from these (it is simply a callback):

const express = require('express');
const https = require('https');
const http = require('http');
const app = express();

http.createServer(app).listen(80);
https.createServer(options, app).listen(443);

The app.listen() method returns an http.Server object and (for HTTP) is a convenience method for the following:

app.listen = function () {
  const server = http.createServer(this);
  return server.listen.apply(server, arguments);
};

Note

All the forms of Node’s http.Server.listen() method are in fact actually supported.

app.METHOD(path, callback [, callback …])

Routes an HTTP request, where METHOD is the HTTP method of the request, such as GET, PUT, POST, and so on, in lowercase. Thus, the actual methods are app.get(), app.post(), app.put(), and so on. See Routing methods below for the complete list.

Arguments

Argument	Description	Default
`path`	The path for which the middleware function is invoked. It can be any of the following: a string representing a path, a path pattern, a regular expression pattern to match paths, or an array containing any combination of the above. For examples, see Path examples.	`'/'` (root path)
`callback`	One or more callback functions. Accepted formats: a single middleware function, multiple middleware functions separated by commas, an array of middleware functions, or a combination of the above. You may provide multiple callbacks that behave like middleware. These can call `next('route')` to skip remaining callbacks for the current route. This is useful for conditional routing logic. If a callback throws an error or returns a rejected promise, `next(err)` is invoked automatically. Since both router and app implement the middleware interface, they can also be used as callback middleware. For examples, see Middleware callback function examples.	None

Routing methods

Express supports the following routing methods corresponding to the HTTP methods of the same names:

checkout
copy
delete
get
head
lock
merge
mkactivity

mkcol
move
m-search
notify
options
patch
post

purge
put
report
search
subscribe
trace
unlock
unsubscribe

The API documentation has explicit entries only for the most popular HTTP methods app.get(), app.post(), app.put(), and app.delete(). However, the other methods listed above work in exactly the same way.

To route methods that translate to invalid JavaScript variable names, use the bracket notation. For example, app['m-search']('/', function ....

Note

The app.get() function is automatically called for the HTTP HEAD method in addition to the GET method if app.head() was not called for the path before app.get().

The method, app.all(), is not derived from any HTTP method and loads middleware at the specified path for all HTTP request methods. For more information, see app.all.

For more information on routing, see the routing guide.

app.param(name, callback)

Add callback triggers to route parameters, where name is the name of the parameter or an array of them, and callback is the callback function. The parameters of the callback function are the request object, the response object, the next middleware, the value of the parameter and the name of the parameter, in that order.

If name is an array, the callback trigger is registered for each parameter declared in it, in the order in which they are declared. Furthermore, for each declared parameter except the last one, a call to next inside the callback will call the callback for the next declared parameter. For the last parameter, a call to next will call the next middleware in place for the route currently being processed, just like it would if name were just a string.

For example, when :user is present in a route path, you may map user loading logic to automatically provide req.user to the route, or perform validations on the parameter input.

app.param('user', (req, res, next, id) => {
  // try to get the user details from the User model and attach it to the request object
  User.find(id, (err, user) => {
    if (err) {
      next(err);
    } else if (user) {
      req.user = user;
      next();
    } else {
      next(new Error('failed to load user'));
    }
  });
});

Param callback functions are local to the router on which they are defined. They are not inherited by mounted apps or routers, nor are they triggered for route parameters inherited from parent routers. Hence, param callbacks defined on app will be triggered only by route parameters defined on app routes.

All param callbacks will be called before any handler of any route in which the param occurs, and they will each be called only once in a request-response cycle, even if the parameter is matched in multiple routes, as shown in the following examples.

app.param('id', (req, res, next, id) => {
  console.log('CALLED ONLY ONCE');
  next();
});

app.get('/user/:id', (req, res, next) => {
  console.log('although this matches');
  next();
});

app.get('/user/:id', (req, res) => {
  console.log('and this matches too');
  res.end();
});

On GET /user/42, the following is printed:

CALLED ONLY ONCE
although this matches
and this matches too

app.param(['id', 'page'], (req, res, next, value) => {
  console.log('CALLED ONLY ONCE with', value);
  next();
});

app.get('/user/:id/:page', (req, res, next) => {
  console.log('although this matches');
  next();
});

app.get('/user/:id/:page', (req, res) => {
  console.log('and this matches too');
  res.end();
});

On GET /user/42/3, the following is printed:

CALLED ONLY ONCE with 42
CALLED ONLY ONCE with 3
although this matches
and this matches too

app.path()

Returns the canonical path of the app, a string.

const app = express();
const blog = express();
const blogAdmin = express();

app.use('/blog', blog);
blog.use('/admin', blogAdmin);

console.log(app.path()); // ''
console.log(blog.path()); // '/blog'
console.log(blogAdmin.path()); // '/blog/admin'

The behavior of this method can become very complicated in complex cases of mounted apps: it is usually better to use req.baseUrl to get the canonical path of the app.

app.post(path, callback [, callback …])

Routes HTTP POST requests to the specified path with the specified callback functions. For more information, see the routing guide.

Arguments

Argument	Description	Default
`path`	The path for which the middleware function is invoked. It can be any of the following: a string representing a path, a path pattern, a regular expression pattern to match paths, or an array containing any combination of the above. For examples, see Path examples.	`'/'` (root path)
`callback`	One or more callback functions. Accepted formats: a single middleware function, multiple middleware functions separated by commas, an array of middleware functions, or a combination of the above. You may provide multiple callbacks that behave like middleware. These can call `next('route')` to skip remaining callbacks for the current route. This is useful for conditional routing logic. If a callback throws an error or returns a rejected promise, `next(err)` is invoked automatically. Since both router and app implement the middleware interface, they can also be used as callback middleware. For examples, see Middleware callback function examples.	None

Example

app.post('/', (req, res) => {
  res.send('POST request to homepage');
});

app.put(path, callback [, callback …])

Routes HTTP PUT requests to the specified path with the specified callback functions.

Arguments

Argument	Description	Default
`path`	The path for which the middleware function is invoked. It can be any of the following: a string representing a path, a path pattern, a regular expression pattern to match paths, or an array containing any combination of the above. For examples, see Path examples.	`'/'` (root path)
`callback`	One or more callback functions. Accepted formats: a single middleware function, multiple middleware functions separated by commas, an array of middleware functions, or a combination of the above. You may provide multiple callbacks that behave like middleware. These can call `next('route')` to skip remaining callbacks for the current route. This is useful for conditional routing logic. If a callback throws an error or returns a rejected promise, `next(err)` is invoked automatically. Since both router and app implement the middleware interface, they can also be used as callback middleware. For examples, see Middleware callback function examples.	None

Example

app.put('/', (req, res) => {
  res.send('PUT request to homepage');
});

app.render(view, [locals], callback)

Returns the rendered HTML of a view via the callback function. It accepts an optional parameter that is an object containing local variables for the view. It is like res.render(), except it cannot send the rendered view to the client on its own.

Note

Think of app.render() as a utility function for generating rendered view strings. Internally res.render() uses app.render() to render views.

Warning

The view argument performs file system operations like reading a file from disk and evaluating Node.js modules, and as so for security reasons should not contain input from the end-user.

Warning

Caution

The local variable cache is reserved for enabling view cache. Set it to true, if you want to cache view during development; view caching is enabled in production by default.

app.render('email', (err, html) => {
  // ...
});

app.render('email', { name: 'Tobi' }, (err, html) => {
  // ...
});

app.route(path)

Returns an instance of a single route, which you can then use to handle HTTP verbs with optional middleware. Use app.route() to avoid duplicate route names (and thus typo errors).

const app = express();

app
  .route('/events')
  .all((req, res, next) => {
    // runs for all HTTP verbs first
    // think of it as route specific middleware!
  })
  .get((req, res, next) => {
    res.json({});
  })
  .post((req, res, next) => {
    // maybe add a new event...
  });

app.set(name, value)

Assigns setting name to value. You may store any value that you want, but certain names can be used to configure the behavior of the server. These special names are listed in the app settings table.

Calling app.set('foo', true) for a Boolean property is the same as calling app.enable('foo'). Similarly, calling app.set('foo', false) for a Boolean property is the same as calling app.disable('foo').

Retrieve the value of a setting with app.get().

app.set('title', 'My Site');
app.get('title'); // "My Site"

Application Settings

The following table lists application settings.

Note that sub-apps will:

Not inherit the value of settings that have a default value. You must set the value in the sub-app.
Inherit the value of settings with no default value; these are explicitly noted in the table below.

Exceptions: Sub-apps will inherit the value of trust proxy even though it has a default value (for backward-compatibility); Sub-apps will not inherit the value of view cache in production (when NODE_ENV is “production”).

Property	Type	Description	Default
`case sensitive routing`	Boolean	Enable case sensitivity. When enabled, “/Foo” and “/foo” are different routes. When disabled, “/Foo” and “/foo” are treated the same. NOTE: Sub-apps will inherit the value of this setting.	N/A (undefined)
`env`	String	Environment mode. Be sure to set to “production” in a production environment; see Production best practices: performance and reliability.	`process.env.NODE_ENV` (`NODE_ENV` environment variable) or “development” if `NODE_ENV` is not set.
`etag`	Varied	Set the ETag response header. For possible values, see the `etag` options table below. More about the HTTP ETag header.	`weak`
`jsonp callback name`	String	Specifies the default JSONP callback name.	”callback”
`json escape`	Boolean	Enable escaping JSON responses from the `res.json`, `res.jsonp`, and `res.send` APIs. This will escape the characters `<`, `>`, and `&` as Unicode escape sequences in JSON. The purpose of this is to assist with mitigating certain types of persistent XSS attacks when clients sniff responses for HTML. NOTE: Sub-apps will inherit the value of this setting.	N/A (undefined)
`json replacer`	Varied	The ‘replacer’ argument used by `JSON.stringify`. NOTE: Sub-apps will inherit the value of this setting.	N/A (undefined)
`json spaces`	Varied	The ‘space’ argument used by `JSON.stringify`. This is typically set to the number of spaces to use to indent prettified JSON. NOTE: Sub-apps will inherit the value of this setting.	N/A (undefined)
`query parser`	Varied	Disable query parsing by setting the value to `false`, or set the query parser to use either “simple” or “extended” or a custom query string parsing function. The simple query parser is based on Node’s native query parser, querystring. The extended query parser is based on qs. A custom query string parsing function will receive the complete query string, and must return an object of query keys and their values.	”simple”
`strict routing`	Boolean	Enable strict routing. When enabled, the router treats “/foo” and “/foo/” as different. Otherwise, the router treats “/foo” and “/foo/” as the same. NOTE: Sub-apps will inherit the value of this setting.	N/A (undefined)
`subdomain offset`	Number	The number of dot-separated parts of the host to remove to access subdomain.	2
`trust proxy`	Varied	Indicates the app is behind a front-facing proxy, and to use the `X-Forwarded-` headers to determine the connection and the IP address of the client. NOTE: `X-Forwarded-` headers are easily spoofed and the detected IP addresses are unreliable. When enabled, Express attempts to determine the IP address of the client connected through the front-facing proxy, or series of proxies. The `req.ips` property, then contains an array of IP addresses the client is connected through. To enable it, use the values described in the trust proxy options table below. The `trust proxy` setting is implemented using the proxy-addr package. For more information, see its documentation. NOTE: Sub-apps will inherit the value of this setting, even though it has a default value.	`false` (disabled)
`views`	String or Array	A directory or an array of directories for the application’s views. If an array, the views are looked up in the order they occur in the array.	`process.cwd() + '/views'`
`view cache`	Boolean	Enables view template compilation caching. NOTE: Sub-apps will not inherit the value of this setting in production (when `NODE_ENV` is “production”).	`true` in production, otherwise undefined.
`view engine`	String	The default engine extension to use when omitted. NOTE: Sub-apps will inherit the value of this setting.	N/A (undefined)
`x-powered-by`	Boolean	Enables the “X-Powered-By: Express” HTTP header.	`true`

Options for `trust proxy` setting

Read Express behind proxies for more information.

Boolean: If true, the client’s IP address is understood as the left-most entry in the X-Forwarded-* header. If false, the app is understood as directly facing the Internet and the client’s IP address is derived from req.connection.remoteAddress. This is the default setting.

String / String containing comma-separated values / Array of strings: An IP address, subnet, or an array of IP addresses, and subnets to trust. Pre-configured subnet names are:

loopback - 127.0.0.1/8, ::1/128
linklocal - 169.254.0.0/16, fe80::/10
uniquelocal - 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7

Set IP addresses in any of the following ways:

Specify a single subnet:

app.set('trust proxy', 'loopback');

Specify a subnet and an address:

app.set('trust proxy', 'loopback, 123.123.123.123');

Specify multiple subnets as CSV:

app.set('trust proxy', 'loopback, linklocal, uniquelocal');

Specify multiple subnets as an array:

app.set('trust proxy', ['loopback', 'linklocal', 'uniquelocal']);

When specified, the IP addresses or the subnets are excluded from the address determination process, and the untrusted IP address nearest to the application server is determined as the client’s IP address.

Number: Trust the nth hop from the front-facing proxy server as the client.

Function: Custom trust implementation. Use this only if you know what you are doing.

app.set('trust proxy', (ip) => {
  if (ip === '127.0.0.1' || ip === '123.123.123.123')
    return true; // trusted IPs
  else return false;
});

Options for `etag` setting

NOTE: These settings apply only to dynamic files, not static files. The express.static middleware ignores these settings.

The ETag functionality is implemented using the etag package. For more information, see its documentation.

Type	Value
Boolean	`true` enables weak ETag. This is the default setting. `false` disables ETag altogether.
String	If “strong”, enables strong ETag. If “weak”, enables weak ETag.
Function	Custom ETag function implementation. Use this only if you know what you are doing.

app.set('etag', (body, encoding) => {
  return generateHash(body, encoding); // consider the function is defined
});

app.use([path,] callback [, callback…])

Mounts the specified middleware function or functions at the specified path: the middleware function is executed when the base of the requested path matches path.

Arguments

Argument	Description	Default
`path`	The path for which the middleware function is invoked. It can be any of the following: a string representing a path, a path pattern, a regular expression pattern to match paths, or an array containing any combination of the above. For examples, see Path examples.	`'/'` (root path)
`callback`	One or more callback functions. Accepted formats: a single middleware function, multiple middleware functions separated by commas, an array of middleware functions, or a combination of the above. You may provide multiple callbacks that behave like middleware. These can call `next('route')` to skip remaining callbacks for the current route. This is useful for conditional routing logic. If a callback throws an error or returns a rejected promise, `next(err)` is invoked automatically. Since both router and app implement the middleware interface, they can also be used as callback middleware. For examples, see Middleware callback function examples.	None

Description

A route will match any path that follows its path immediately with a “/”. For example: app.use('/apple', ...) will match “/apple”, “/apple/images”, “/apple/images/news”, and so on.

Since path defaults to ”/”, middleware mounted without a path will be executed for every request to the app. For example, this middleware function will be executed for every request to the app:

app.use((req, res, next) => {
  console.log('Time: %d', Date.now());
  next();
});

Note

NOTE

Sub-apps will:

Not inherit the value of settings that have a default value. You must set the value in the sub-app.
Inherit the value of settings with no default value.

For details, see Application settings.

Middleware functions are executed sequentially, therefore the order of middleware inclusion is important.

// this middleware will not allow the request to go beyond it
app.use((req, res, next) => {
  res.send('Hello World');
});

// requests will never reach this route
app.get('/', (req, res) => {
  res.send('Welcome');
});

Error-handling middleware

Error-handling middleware always takes four arguments. You must provide four arguments to identify it as an error-handling middleware function. Even if you don’t need to use the next object, you must specify it to maintain the signature. Otherwise, the next object will be interpreted as regular middleware and will fail to handle errors. For details about error-handling middleware, see: Error handling.

Define error-handling middleware functions in the same way as other middleware functions, except with four arguments instead of three, specifically with the signature (err, req, res, next)):

app.use((err, req, res, next) => {
  console.error(err.stack);
  res.status(500).send('Something broke!');
});

Path examples

The following table provides some simple examples of valid path values for mounting middleware.

Path: Matches the exact path /abcd and any sub-paths starting with /abcd/ (for example, /abcd/foo):

app.use('/abcd', (req, res, next) => {
  next();
});

Path Pattern: This will match paths starting with /abcd and /abd:

app.use('/ab{c}d', (req, res, next) => {
  next();
});

Regular Expression: This will match paths starting with /abc and /xyz:

app.use(/\/abc|\/xyz/, (req, res, next) => {
  next();
});

Array: This will match paths starting with /abcd, /xyza, /lmn, and /pqr:

app.use(['/abcd', '/xyza', /\/lmn|\/pqr/], (req, res, next) => {
  next();
});

Middleware callback function examples

The following table provides some simple examples of middleware functions that can be used as the callback argument to app.use(), app.METHOD(), and app.all().

Single Middleware: You can define and mount a middleware function locally.

app.use((req, res, next) => {
  next();
});

A router is valid middleware.

const router = express.Router();
router.get('/', (req, res, next) => {
  next();
});
app.use(router);

An Express app is valid middleware.

const subApp = express();
subApp.get('/', (req, res, next) => {
  next();
});
app.use(subApp);

Series of Middleware: You can specify more than one middleware function at the same mount path.

const r1 = express.Router();
r1.get('/', (req, res, next) => {
  next();
});

const r2 = express.Router();
r2.get('/', (req, res, next) => {
  next();
});

app.use(r1, r2);

Array: Use an array to group middleware logically.

const r1 = express.Router();
r1.get('/', (req, res, next) => {
  next();
});

const r2 = express.Router();
r2.get('/', (req, res, next) => {
  next();
});

app.use([r1, r2]);

Combination: You can combine all the above ways of mounting middleware.

function mw1(req, res, next) {
  next();
}
function mw2(req, res, next) {
  next();
}

const r1 = express.Router();
r1.get('/', (req, res, next) => {
  next();
});

const r2 = express.Router();
r2.get('/', (req, res, next) => {
  next();
});

const subApp = express();
subApp.get('/', (req, res, next) => {
  next();
});

app.use(mw1, [mw2, r1, r2], subApp);

Following are some examples of using the express.static middleware in an Express app.

Serve static content for the app from the “public” directory in the application directory:

// GET /style.css etc
app.use(express.static(path.join(__dirname, 'public')));

Mount the middleware at “/static” to serve static content only when their request path is prefixed with “/static”:

// GET /static/style.css etc.
app.use('/static', express.static(path.join(__dirname, 'public')));

Disable logging for static content requests by loading the logger middleware after the static middleware:

app.use(express.static(path.join(__dirname, 'public')));
app.use(logger());

Serve static files from multiple directories, but give precedence to ”./public” over the others:

app.use(express.static(path.join(__dirname, 'public')));
app.use(express.static(path.join(__dirname, 'files')));
app.use(express.static(path.join(__dirname, 'uploads')));