deegree3 icon indicating copy to clipboard operation
deegree3 copied to clipboard

Published 20 hours ago verified publisher icon deegree

version reference in response headers

Open axza opened this issue 4 years ago • 2 comments

Hello awesome People! even if I consider deegree as safe, I would like to have the possibility to suppress the output of the deegree-versions number in the response. Following is a line reference.

https://github.com/deegree/deegree3/blob/2bdd14a06f7b375fe1c5f7a8b34e2cfddd63070f/deegree-services/deegree-services-commons/src/api/java/org/deegree/services/controller/OGCFrontController.java#L306

Is there anything that speaks against it?

axza avatar Nov 27 '20 12:11 axza

Exposing information like this for everybody to see is indeed risky. Usually such information is filtered out by a reverse proxy but perhaps we should consider removing it altogether.

copierrj avatar Nov 27 '20 12:11 copierrj

Please post this as a feature request and if possible a related PR. See our guidelines for working with PR for further information.

tfr42 avatar Jan 30 '22 14:01 tfr42