-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ability to not output Server header #3288
Comments
I'll work on a PR today to parameterize this. |
GitMate.io thinks possibly related issues are #1958 (Possibility to disable Server header), #2022 ([enhancement] ability to return redirect responses which don't have 'location' header), #2637 (Stop server error), #3140 (Q: possible to set Server header with web.Server?), and #1652 (Trailer headers). |
hah, nice! |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a [new issue] for related bugs. |
Long story short
It may be desirable to hide which server is running to avoid making it easy to target vulnerabilities. Currently the "server" header is populated without any mechanism to disable/change it.
Expected behaviour
Ability to disable/change the server header value
Actual behaviour
server header populated with current aiohttp/python version
Steps to reproduce
Start server and curl endpoint, look at headers returned.
The text was updated successfully, but these errors were encountered: