dimas-b commented on code in PR #3066: URL: https://github.com/apache/polaris/pull/3066#discussion_r2546627927
########## site/content/in-dev/unreleased/configuring-polaris-for-production.md: ########## @@ -23,35 +23,39 @@ type: docs weight: 600 --- -The default server configuration is intended for development and testing. When you deploy Polaris in production, -review and apply the following checklist: +The default server configuration is intended for development and testing. When you deploy Polaris in production, review +and apply the following checklist: + - [ ] Configure OAuth2 keys - [ ] Enforce realm header validation (`require-header=true`) - [ ] Use a durable metastore (JDBC + PostgreSQL) - [ ] Bootstrap valid realms in the metastore - [ ] Disable local FILE storage +- [ ] Polaris Server Header Review Comment: Yes, the `Server` header is off by default due to possible security concerns. If a user wishes to enable it, it is possible. However, it does not look like every user has to make a decision about it.
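Review bot: The added entry `- [ ] Polaris Server Header` at the end of the checklist names a topic rather than a step, unlike the entries above it, which each open with an action (Configure, Enforce, Use, Bootstrap, Disable) and in one case name the setting (`require-header=true`). State the intended production state of the header and the property that controls it, or move the header out of the checklist into descriptive text if no action is required of the operator. The re-wrapping of the opening sentence in the same hunk changes no wording and could be dropped so the diff shows only the new item.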
