Hello

This is still an issue for us. Would this be a possible feature to add?

thanks
Brian

________________________________
From: Brian Fenton <brian.fen...@aimssoftware.ie>
Sent: Friday 27 October 2023 5:56 pm
To: naviserver-devel@lists.sourceforge.net 
<naviserver-devel@lists.sourceforge.net>
Subject: [naviserver-devel] Proposal: config file boolean parameter 
"showserverheader" to show/hide "Server:" response header

Hi all

Recently during a client security audit, the "Server: NaviServer/4.99.28" 
response header was flagged as an issue. The client has asked us to remove the 
header, if possible.
The RFC suggests that the "Server: " header is optional, so I believe this 
should be OK to remove. https://www.rfc-editor.org/rfc/rfc7231#section-7.4.2

We would like to propose a new config file boolean parameter "showserverheader" 
with default true.

Ns_ConnConstructHeaders in return.c could then check this parameter before 
outputting the "Server: " header e.g. something like this:

    if (Ns_ConfigBool(path, "showserverheader", NS_TRUE) == NS_TRUE) {
      /* Ns_DStringVarAppend is variadic; the argument list must end with a null pointer */
      Ns_DStringVarAppend(dsPtr, "Server: ", Ns_InfoServerName(), "/",
                          Ns_InfoServerVersion(), "\r\n", (char *)0);
    }

Thoughts? Alternatives?

thanks
Brian
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
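
A check for the audit finding discussed in this thread, as an added example that is not part of the original messages or of NaviServer: it scans the header block of a raw HTTP response and reports whether a "Server:" header is present and whether it carries a version. The enum and function names are hypothetical, and the sample response is constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum server_hdr { SERVER_ABSENT, SERVER_NO_VERSION, SERVER_WITH_VERSION };

/* Case-insensitive match of the header name at the start of [line, eol). */
static int is_server_line(const char *line, const char *eol)
{
    static const char name[] = "server:";
    size_t n = sizeof(name) - 1;
    if ((size_t)(eol - line) < n) return 0;
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)line[i]) != name[i]) return 0;
    }
    return 1;
}

/* Scan only the header block of a raw response; the body is never examined.
 * A value counts as version-disclosing when a '/' is followed by a digit
 * (the product/version form, e.g. "NaviServer/4.99.28"). */
enum server_hdr audit_server_header(const char *resp)
{
    enum server_hdr found = SERVER_ABSENT;
    const char *line = strstr(resp, "\r\n");          /* end of status line */

    while (line != NULL) {
        line += 2;                                     /* start of next line */
        const char *eol = strstr(line, "\r\n");
        if (eol == NULL || eol == line) break;         /* truncated, or blank line */
        if (is_server_line(line, eol)) {
            enum server_hdr kind = SERVER_NO_VERSION;
            for (const char *p = line + 7; p + 1 < eol; p++) {
                if (*p == '/' && isdigit((unsigned char)p[1])) kind = SERVER_WITH_VERSION;
            }
            if (kind > found) found = kind;
        }
        line = eol;
    }
    return found;
}

int main(void)
{
    /* Constructed sample response, using the header value quoted in the thread. */
    const char *sample = "HTTP/1.1 200 OK\r\nServer: NaviServer/4.99.28\r\nContent-Length: 0\r\n\r\n";
    printf("audit result: %d\n", (int)audit_server_header(sample));
    return 0;
}
```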