ability to not output Server header

[thehesiod]

Long story short

It may be desirable to hide which server is running to avoid making it easy to target vulnerabilities. Currently the "server" header is populated without any mechanism to disable/change it.

Expected behaviour

Ability to disable/change the server header value

Actual behaviour

server header populated with current aiohttp/python version

Steps to reproduce

Start server and curl endpoint, look at headers returned.

[thehesiod]

I'll work on a PR today to parameterize this.

[asvetlov]

GitMate.io thinks possibly related issues are #1958 (Possibility to disable Server header), #2022 ([enhancement] ability to return redirect responses which don't have 'location' header), #2637 (Stop server error), #3140 (Q: possible to set Server header with web.Server?), and #1652 (Trailer headers).

[thehesiod]

hah, nice!

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a [new issue] for related bugs.
If you feel like there's important points made in this discussion, please include those exceprts into that [new issue].
[new issue]: https:/aio-libs/aiohttp/issues/new