Joshua Slive wrote: > This may be my imagination, but won't this allow any module (or even cgi > script) to set the Server header and override the default one. Do we want > this? (I'm undecided, but it is a significant change from previous > behavior.)
The attached patch fixes this so that the server header may only be
overriden when a request is proxied. Comments?
Regards,
Graham
--
-----------------------------------------
[EMAIL PROTECTED] "There's a moon
over Bourbon Street
tonight..."
--- /home/minfrin/src/apache/pristine/apache-1.3/src/main/http_protocol.c Sun
Mar 24 11:59:57 2002
+++ src/main/http_protocol.c Sun Mar 24 13:35:00 2002
@@ -1513,7 +1513,6 @@
API_EXPORT(void) ap_basic_http_header(request_rec *r)
{
char *protocol;
- const char *server;
if (r->assbackwards)
return;
@@ -1542,10 +1541,13 @@
/* output the date header */
ap_send_header_field(r, "Date", ap_gm_timestr_822(r->pool, r->request_time));
- /* keep a previously set server header (possible from proxy), otherwise
+ /* keep the set-by-proxy server header, otherwise
* generate a new server header */
- if (server = ap_table_get(r->headers_out, "Server")) {
- ap_send_header_field(r, "Server", server);
+ if (r->proxyreq) {
+ const char *server = ap_table_get(r->headers_out, "Server");
+ if (server) {
+ ap_send_header_field(r, "Server", server);
+ }
}
else {
ap_send_header_field(r, "Server", ap_get_server_version());
smime.p7s
Description: S/MIME Cryptographic Signature
