secure-headers icon indicating copy to clipboard operation
secure-headers copied to clipboard
verified publisher icon bepsvpt

X-Powered-By keep showing when I leave it empty in config file

Open hyquoccuong opened this issue 4 years ago • 3 comments

In Laravel config/secure-headers.php

    /*
     * X-Powered-By
     *
     * Note: it will not add to response header if the value is empty string.
     */
    'x-powered-by' => '',

But in header it shows

X-Powered-By: PHP/7.2.28

If I change the value:

'x-powered-by'  => config('app.name'),

Header shows:

X-Powered-By: PHP/7.2.28 X-Powered-By: Laraspace

And if I change the config to

'x-powered-by' => [
    'enable' => false,
],

Now it shows:

X-Powered-By: PHP/7.2.28 X-Powered-By

I just want to hide/remove it completely or just show one line with set value in config file, could you please let me know how to do that?

hyquoccuong avatar Jan 11 '21 07:01 hyquoccuong

not sure about your setup and i'm not a lara user but u might check https://www.php.net/manual/en/ini.core.php#ini.expose-php

tobias-trozowski avatar Feb 19 '21 20:02 tobias-trozowski

I have the same issue. Have you found a workaround @hyquoccuong ?

composer.json (versions):

{
  "bepsvpt/secure-headers": "v6.3.0",
  "laravel/lumen-framework": "v5.8.13",
}

config/secure-headers.php

    /*
     * X-Powered-By
     *
     * Note: it will not add to response header if the value is empty string.
     */

    'x-powered-by' => '',

aesyondu avatar Mar 29 '21 02:03 aesyondu

Nvm, thanks @tobias-trozowski. In my case it was the php.ini

  1. verify that expose_php is On
php -i | grep expose
# expose_php => On => On
  1. set expose_php to Off in php.ini
expose_php => Off => Off
  1. restart server and verify header is not shown

aesyondu avatar Mar 29 '21 03:03 aesyondu

Close due to inactive.

bepsvpt avatar Nov 19 '22 23:11 bepsvpt