Hide "X-Powered-By: Luracast Restler" in response headers

Open linux019 opened this issue 9 years ago • 5 comments
For security reasons, is it possible to add an option to remove this header? This info discloses internal server structure.

linux019 avatar Jan 08 '16 11:01 linux019

May I suggest: if in production mode, hide it; else show it?

tomahock avatar Jan 08 '16 11:01 tomahock

Yes, this header isn't needed on production servers.

linux019 avatar Jan 08 '16 11:01 linux019

// Override the framework banner from the onRespond hook;
// PHP's header() replaces an existing header of the same name by default.
Restler::addListener('onRespond', function () {
    header('X-Powered-By: google.com');
});

thedotedge avatar Jan 19 '16 21:01 thedotedge

I'd like to suggest removing the X-Powered-By header by default.

roydekleijn avatar Apr 17 '16 06:04 roydekleijn

This makes sense as we never want to divulge too much info. Leaving it on in dev can help diagnose versioning issues...

I have also added (and suggest it for others) a unique request ID which can be referenced in logs etc...

roynasser avatar Apr 19 '16 15:04 roynasser
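One way to act on both suggestions in this thread (drop the banner in production, keep it in dev, and attach a request ID that can be correlated with server logs), as an added example that is not code from the thread or from the Restler project. It assumes the Restler::addListener('onRespond', ...) hook used above fires where that earlier snippet relies on it, and Restler 3's Defaults::$productionMode flag; YourApiClass is a placeholder.

```php
<?php
// Added example; not code from this thread or from the Restler project.
// Assumes the Restler::addListener('onRespond', ...) hook used in the thread
// and Restler 3's Defaults::$productionMode flag (check against your version).
// Requires PHP 7+ for random_bytes().
require_once __DIR__ . '/vendor/autoload.php';

use Luracast\Restler\Defaults;
use Luracast\Restler\Restler;

// Set from your deployment config; true on production hosts.
Defaults::$productionMode = getenv('APP_ENV') === 'production';

Restler::addListener('onRespond', function () {
    // A per-request ID lets an operator match a client-reported failure to
    // the right log line without exposing anything about the stack.
    $requestId = bin2hex(random_bytes(16));

    if (!headers_sent()) {
        if (Defaults::$productionMode) {
            // Remove the banner rather than replacing it: an absent header
            // reveals nothing, a substituted value still invites guessing.
            header_remove('X-Powered-By');
        }
        // In dev the framework version stays visible to help diagnose
        // versioning issues, as discussed above.
        header('X-Request-ID: ' . $requestId);
    }

    // Log the same ID server-side so a client can quote it in a report.
    error_log(sprintf(
        'request_id=%s method=%s uri=%s',
        $requestId,
        $_SERVER['REQUEST_METHOD'] ?? '-',
        $_SERVER['REQUEST_URI'] ?? '-'
    ));
});

$r = new Restler();
$r->addAPIClass('YourApiClass'); // placeholder: your own API class
$r->handle();
```

After deploying, a quick check is to request the API with `curl -sI` and confirm that no X-Powered-By line appears in a production response while X-Request-ID does.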