Implement an option to customize or hide the "Server" http response header in the user-facing services #1942

Open
5 tasks
achimnol opened this issue Feb 29, 2024 · 0 comments
Labels
area:security Security issue. comp:manager Related to Manager component comp:storage-proxy Related to Storage proxy component comp:webserver Related to Web Server component urgency:4 As soon as feasible, implementation is essential.

achimnol commented Feb 29, 2024

Security policies in some organizations often require hiding the "Server" HTTP response headers for public-facing services.

We can implement this by adding an extra middleware to aiohttp application objects like below:

```python
from aiohttp import web

@web.middleware
async def server_header_middleware(request, handler):
    # New-style middleware: the old (app, handler) factory form is deprecated.
    response = await handler(request)
    # Overwrite the default "Server" value on the response the handler returned.
    response.headers['Server'] = 'Custom Server Name'
    return response

app = web.Application(middlewares=[server_header_middleware])

web.run_app(app)
```

Let's add a local configuration option to configure a custom header value.
Currently the default behavior is to say "Python/3.11 aiohttp/3.8.5" (for 23.09 release).

We need to cover:

  • manager
  • webserver
  • storage proxy
  • app proxy
  • control panel?
@achimnol achimnol added type:feature Add new features area:security Security issue. comp:manager Related to Manager component comp:webserver Related to Web Server component comp:storage-proxy Related to Storage proxy component urgency:4 As soon as feasible, implementation is essential. labels Feb 29, 2024
@achimnol achimnol added this to the 23.09 milestone Feb 29, 2024
@achimnol achimnol removed the type:feature Add new features label Oct 18, 2024
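An added example, not code from the issue or the project: a middleware that only post-processes the returned response never sees responses raised as `web.HTTPException` (the router's 404 included), so the default header still goes out on those; this sketch uses aiohttp's `on_response_prepare` signal instead, which runs for every response just before the headers are written. The option name `server-header` and the function names are assumptions made for illustration.

```python
import asyncio


def make_server_header_hook(value):
    """Build an on_response_prepare handler; value None or "" drops the header."""
    # Fires after aiohttp sets its default Server value and before headers are
    # written, so raised web.HTTPException responses are covered too.
    async def on_prepare(request, response):
        if value:
            response.headers["Server"] = value
        else:
            response.headers.pop("Server", None)
    return on_prepare


def install_server_header(app, local_config):
    """Register the hook; returns False if the option is unset (default kept)."""
    # "server-header" is a hypothetical option name; "" hides the header.
    if "server-header" not in local_config:
        return False
    hook = make_server_header_hook(local_config["server-header"])
    app.on_response_prepare.append(hook)
    return True


async def _demo():
    # Local check with aiohttp's test server; routes are constructed samples.
    from aiohttp import web
    from aiohttp.test_utils import TestClient, TestServer

    async def ok(request):
        return web.Response(text="ok")

    async def denied(request):
        raise web.HTTPForbidden()

    app = web.Application()
    app.add_routes([web.get("/ok", ok), web.get("/denied", denied)])
    install_server_header(app, {"server-header": ""})
    async with TestClient(TestServer(app)) as client:
        for path in ("/ok", "/denied", "/missing"):
            resp = await client.get(path)
            print(path, resp.status, resp.headers.get("Server"))


if __name__ == "__main__":
    asyncio.run(_demo())
```

Running the file directly requires aiohttp and prints the status and `Server` value for a normal response, a raised 403 and an unmatched route.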