Hello This is still an issue for us. Would this be a possible feature to add?
thanks Brian ________________________________ From: Brian Fenton <[email protected]> Sent: Friday 27 October 2023 5:56 pm To: [email protected] <[email protected]> Subject: [naviserver-devel] Proposal: config file boolean parameter "showserverheader" to show/hide "Server:" response header Hi all Recently during a client security audit, the "Server: NaviServer/4.99.28" response header was flagged as an issue. The client has asked us to remove the header, if possible. The RFC suggests that the "Server: " header is optional, so I believe this should be OK to remove. https://www.rfc-editor.org/rfc/rfc7231#section-7.4.2 We would like to propose a new config file boolean parameter "showserverheader" with default true. Ns_ConnConstructHeaders in return.c could then check this parameter before outputting the "Server: " header e.g. something like this: if (Ns_ConfigBool(path, "showserverheader", NS_TRUE) == NS_TRUE) { Ns_DStringVarAppend(dsPtr, "Server: ", Ns_InfoServerName(), "/", Ns_InfoServerVersion(), "\r\n"); } Thoughts? Alternatives? thanks Brian _______________________________________________ naviserver-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/naviserver-devel
_______________________________________________ naviserver-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/naviserver-devel
