#166 Ability to modify the SERVER header to avoid Banner Disclosure - Thin

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

#166 new

Ability to modify the SERVER header to avoid Banner Disclosure

Reported by Pavan Sudarshan | October 16th, 2012 @ 05:59 AM | in Future

In order to get a security audit cleared, we need to make sure we do not disclose banner. Currently, the SERVER response header shows up as "thin 1.5.0 codename Knife" which is giving out the version information.

I couldn't find a way to work around this. Is it possible to make this be less descriptive?

Comments and changes to this ticket

macournoyer October 30th, 2012 @ 08:25 AM
Should be fixed in master.

You'll be able to change it like so:

response.headers["Server"] = "whatever"

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

People watching this ticket

macournoyer

Thin Thin → Future

Ability to modify the SERVER header to avoid Banner Disclosure

Comments and changes to this ticket

macournoyer October 30th, 2012 @ 08:25 AM

Create your profile

People watching this ticket

Pages

Thin Thin → Future

Keyword searching

Ability to modify the SERVER header to avoid Banner Disclosure

Comments and changes to this ticket

macournoyer October 30th, 2012 @ 08:25 AM

Create your profile

People watching this ticket

Pages