Hi Sergey,
> I don't think this is a good idea to change the default behaviour
> for the directive we have for a long-long time.
But it's arguably a wrong behavior, and keeping it forever wrong
because of a decision made ~20 years ago, doesn't seem like
a particularly great idea.
Also, while
Hi Piotr,
thank you for the patch.
On Wed, Feb 28, 2024 at 01:20:35AM +, Piotr Sikora via nginx-devel wrote:
[...]
> HTTP: stop emitting server version by default.
> This information is only useful to attackers.
> The previous behavior can be restored using "server_tokens on".
[...]
I
# HG changeset patch
# User Piotr Sikora
# Date 1708977611 0
# Mon Feb 26 20:00:11 2024 +
# Branch patch001
# Node ID a8a592b9b62eff7bca03e8b46669f59d2da689ed
# Parent 89bff782528a91ad123b63b624f798e6fd9c8e68
HTTP: stop emitting server version by default.
This information is only