Merge pull request #536 from Kitware/hide-cherrypy-version

Hide cherrypy version in Server response header

CHANGELOG.md

@@ -39,6 +39,8 @@ versioning](http://semver.org).
   error messages
 
 ### Security
+- ``Server`` response header now reads "Tangelo" instead of "CherryPy" with a
+  version string
 
 ## [0.9] - 2015-03-03
 ### Added

tangelo/tangelo/server.py

@@ -541,6 +541,10 @@ def dirlisting(dirpath, reqpath):
         return result
 
     def execute_analysis(self, query_args):
+        # Hide the identity/version number of the server technology in the
+        # response headers.
+        cherrypy.response.headers["Server"] = ""
+
         # Analyze the URL.
         analysis = analyze_url(cherrypy.request.path_info)
         directive = analysis.directive

tests/server-identity.py

@@ -0,0 +1,10 @@
+import nose
+import requests
+
+import fixture
+
+
+@nose.with_setup(fixture.start_tangelo, fixture.stop_tangelo)
+def test_server_identity():
+    response = requests.get(fixture.url("/"))
+    assert response.headers["server"] == ""