ability to not output Server header #3288
Labels
Comments
|
I'll work on a PR today to parameterize this. |
|
GitMate.io thinks possibly related issues are #1958 (Possibility to disable Server header), #2022 ([enhancement] ability to return redirect responses which don't have 'location' header), #2637 (Stop server error), #3140 (Q: possible to set Server header with web.Server?), and #1652 (Trailer headers). |
|
hah, nice! |
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a [new issue] for related bugs. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Long story short
It may be desirable to hide which server is running to avoid making it easy to target vulnerabilities. Currently the "server" header is populated without any mechanism to disable/change it.
Expected behaviour
Ability to disable/change the server header value
Actual behaviour
server header populated with current aiohttp/python version
Steps to reproduce
Start server and curl endpoint, look at headers returned.
The text was updated successfully, but these errors were encountered: