How to hide Server details in the Response header ?
Hasmukhginoya opened this issue · comments
I am using this sample code
public static void main(String[] args)
{
port(1150);
ipAddress("127.0.0.1");
enableCORS();
get("/hello",Main::registration);
}
public static String registration(Request request , Response response)
{
System.out.println(request.body());
return "hi, this is from spark ";
}
private static void enableCORS()
{
before((request, response) -> {
response.raw().setHeader("Server"," "); // Is this a Proper ?
});
}
Can we use any other solution to remove server details in the response header ?
This is response where i am getting server details
HTTP/1.1 200 OK
Date: Mon, 20 Mar 2023 09:52:37 GMT
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: Pragma,Content-Type,cache-control,x-authorization,X-Requested-With,Content-Length,Accept,Origin
Access-Control-Max-Age: 86400
Access-Control-Allow-Private-Network: true
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Server: Jetty(9.4.48.v20220622)
this is same as #331
I have verified in latest version this is still visible on response header.
You can use the unofficial
branch which removed that header:
<dependency>
<groupId>com.intellisrc</groupId>
<artifactId>spark-core</artifactId>
<version>2.9.4-unofficial-4</version>
</dependency>