Server tokens #596

Closed
wants to merge 3 commits into from
Conversation

omar-m-othman (Contributor)
No description provided.

There are some deployment environments that consider leaking the software
  type and/or version to be a security risk. Config.pod mentions that you
  can set "server_tokens" to false to disable the "Server" header, or use
  the environment variable DANCER_SERVER_TOKENS to do the same. These are
  added by this commit.
@xsawyerx (Member)

👍 Great job!

@shumphrey (Contributor)

👍

@omar-m-othman (Contributor, Author)

Thanks guys. I've found the build problem, will add a commit to treat that soon.

@xsawyerx (Member)

@veryrusty Good point. I agree.

veryrusty added a commit that referenced this pull request Jul 10, 2014
Core::Runner only holds configuration for what are effectively "global"
options (it is a singleton). This includes 'environment', and the
'server_tokens' & 'startup_info' (taken from #596). Note that the
Runner's environment may not be changed once the singleton exists.

Per-application config options previously in the Runner's default config
were moved into Core::App.
veryrusty added a commit that referenced this pull request Jul 24, 2014
Core::Runner only holds configuration for what are effectively "global"
options (it is a singleton). This includes 'environment', and the
'server_tokens' & 'startup_info' (taken from #596). Note that the
Runner's environment may not be changed once the singleton exists.

Per-application config options previously in the Runner's default config
were moved into Core::App.
@xsawyerx (Member)

Recent commits from @veryrusty add support for this, but it should be tested and revised according to most recent master branch.

@veryrusty (Member)

Hmmm.. my commits only made server_tokens a global param. The Server header is still always added on creation of the response object.

We either need the logic @omar-m-othman added to Core::Runner in 8ebbe65 to disable the Server header, or move the addition of the Server header to be within Runner->psgi_app (which is my preference).

@xsawyerx (Member)

Merged! :)

xsawyerx closed this Oct 30, 2014
xsawyerx added a commit that referenced this pull request Nov 17, 2014
    [ BUG FIXES ]
    * GH #744: Serialize anything, not just references. (Sawyer X)
    * GH #744: Serialize regardless of content_type of serializer. (Sawyer X)
    * GH #764: Catch template render errors. (Russell Jenkins, Steven Humphrey)
    * Calling uri_for(undef) doesn't crash. (Sawyer X)
    * GH #732: Correct name for 403 (Forbidden, not Unauthorized).
      (Theo van Hoesel, Sawyer X, Mickey Nasriachi, Omar M. Othman)
    * GH #753: Syntax of parameterized types. (Russell Jenkins)
    * GH #734: Failing tests on Windows. (Russell Jenkins, Sawyer X)

    [ ENHANCEMENTS ]
    * GH #664, #684, #715: Handler::File replaced for static files with
      Plack::Middleware::Static, allowing files to be served *before* routes.
      This means hooks do not apply to static files anymore!
      (Russell Jenkins, DavsX)
    * Engines now have "logger" attribute to log errors. It sends the
      Dancer2::Logger:: object, if one exists. (Sawyer X)
    * Serializers do not need to implement "loaded" method. (Sawyer X)
    * GH #733: In core: response_xxx removed in favor of generic
      standard_response. (Sawyer X, Mickey Nasriachi, Omar M. Othman)
    * GH #514, #642, #729: Allow mixing named params, splat, and
      megasplat. (Russell Jenkins, Johan Spade, Dávid Kovács)
    * GH #596: no_server_tokens works, as well as DANCER_NO_SERVER_TOKENS.
      (Omar M. Othman, Sawyer X, Mickey Nasriachi)
    * GH #639: Validate engine types in configuration.
      (Sawyer X, Omar M. Othman, Mickey Nasriachi, Russell Jenkins)
    * GH #663, #741: Remove "accept_type" attribute and other references.
      (Mickey Nasriachi, Theo van Hoesel)
    * GH #748: Provide forwarded_host, forwarded_protocol. (Sawyer X)
    * GH #748: Do not provide a default env, require env for a request.
      (Sawyer X)
    * GH #742: Update test skeleton to use to_app. (Dávid Kovács)
    * GH #636: Use Plack::Test in more tests. (Dávid Kovács)

    [ DOCUMENTATION ]
    * GH #656: Dancer2::Manual::Testing as a guide for testing Dancer2
      applications. (Sawyer X)
    * Improved documentation of route matching. (Russell Jenkins)
    * Migration document update relating to enhancements.
      (Sawyer X, Mickey Nasriachi)
    * GH #731: Document changes in session.
      (racke, Sawyer X, Mickey Nasriachi, Omar M. Othman)
    * Document "id" attribute in Request object. (Sawyer X)
    * Correct Cookbook examples on command line scripts. (Sawyer X)
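The changelog above records the final names the option shipped under: `no_server_tokens` in config and `DANCER_NO_SERVER_TOKENS` in the environment (the PR's original `server_tokens` / `DANCER_SERVER_TOKENS` were renamed before merge). The following test script is an added example, not code from this PR or from Dancer2's own test suite. It builds a one-route app with the env var set and asserts that the response carries no `Server` header. It assumes Dancer2 with this feature merged, plus Plack::Test and HTTP::Request::Common; the package name `MyApp` is invented.

```perl
#!/usr/bin/env perl
# Added example: check that a Dancer2 app omits the Server header when
# DANCER_NO_SERVER_TOKENS is set. Not part of PR #596 or Dancer2 itself.
use strict;
use warnings;
use Test::More tests => 3;
use Plack::Test;
use HTTP::Request::Common;

# no_server_tokens is a Runner-level (global) setting (see the Core::Runner
# commits above), so it has to be in place before Dancer2 is loaded. The
# config.yml equivalent is `no_server_tokens: 1`; the env var is used here
# so the script is self-contained.
BEGIN { $ENV{DANCER_NO_SERVER_TOKENS} = 1 }

{
    # Minimal app; the name "MyApp" is invented for this example.
    package MyApp;
    use Dancer2;
    get '/' => sub { 'hello' };
}

my $app = MyApp->to_app;

test_psgi $app, sub {
    my $cb  = shift;
    my $res = $cb->( GET '/' );

    is $res->code,    200,     'route is served';
    is $res->content, 'hello', 'body is intact';
    ok !defined $res->header('Server'),
        'Server header absent with DANCER_NO_SERVER_TOKENS=1';
};
```

Two practitioner caveats. First, because the Runner is a singleton, flipping the setting after the app has been loaded has no effect; export the variable from the deployment (or put `no_server_tokens: 1` in config.yml) rather than calling `set` inside a route. Second, this only removes the header Dancer2 itself emits: a reverse proxy in front of the PSGI server adds its own `Server` header (nginx's `server_tokens off` shortens it to `nginx` but does not drop it), so verify the end-to-end result with `curl -sI https://host/ | grep -i '^server:'` against the public endpoint, not just the backend.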