Remove 'sever' response header #175

abovedave · 2017-05-30T16:36:18Z

Currently we're advertising in the response header server: DADI (Web), this is bad security practice, especially for our clients. Any in-progress security bugs could be used as exploits.

Remove instances of res.setHeader('Server', config.get('server.name'))

The text was updated successfully, but these errors were encountered:

abovedave changed the title ~~Remove sever response header~~ Remove 'sever' response header May 30, 2017

abovedave self-assigned this May 30, 2017

abovedave added the type: enhancement label May 30, 2017

abovedave mentioned this issue May 30, 2017

🚧 [Do not merge] Add support for HTTP2 #167

Closed

6 tasks

jimlambie assigned jimlambie and unassigned abovedave May 31, 2017

jimlambie mentioned this issue May 31, 2017

Remove "server" header #177

Merged

jimlambie added the status: in progress label May 31, 2017

jimlambie closed this as completed in #177 May 31, 2017

jimlambie removed the status: in progress label May 31, 2017

abovedave mentioned this issue Aug 8, 2017

🚀 Performance enhancements #196

Merged

3 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove 'sever' response header #175

Remove 'sever' response header #175

abovedave commented May 30, 2017

Remove 'sever' response header #175

Remove 'sever' response header #175

Comments

abovedave commented May 30, 2017