Implement an option to customize or hide the "Server" http response header in the user-facing services #1942
Labels
area:security
Security issue.
comp:manager
Related to Manager component
comp:storage-proxy
Related to Storage proxy component
comp:webserver
Related to Web Server component
urgency:4
As soon as feasible, implementation is essential.
Milestone
Security policies in some organizations often require hiding the "Server" HTTP response headers for public-facing services.
We can implement this by adding an extra middleware to aiohttp application objects like below:
Let's add a local configuration option to configure a custom header value.
Currently the default behavior is to say "Python/3.11 aiohttp/3.8.5" (for 23.09 release).
We need to cover:
The text was updated successfully, but these errors were encountered: