synapse-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rajika Kumarasiri <rajika.kumaras...@gmail.com>
Subject Re: HTTP Transports Preserving Server Header
Date Sun, 11 Aug 2013 14:53:17 GMT
I meant it's better not to include that header by default since it can be
considered a security issue. But as you have suggested we also need a way
to configure the header.

Rajika


On Sun, Aug 11, 2013 at 1:52 AM, Hiranya Jayathilaka
<hiranya911@gmail.com>wrote:

> Hi Rajika,
>
> On Aug 10, 2013, at 10:42 PM, Rajika Kumarasiri <
> rajika.kumarasiri@gmail.com> wrote:
>
> +1. Should be use-if-available.
>
>
> Are you implying that the current behavior is correct (i.e. passing the
> Http "Server" header to the client)?
>
> Thanks,
> Hiranya
>
>
> Rajika
>
>
> On Sun, Aug 11, 2013 at 12:30 AM, Hiranya Jayathilaka <
> hiranya911@gmail.com> wrote:
>
>> I noticed that both PT and NHTTP transports pass the "Server" header sent
>> from the backend server to the client. This is the default programmed
>> behavior, and it can be overridden if needed using a configuration
>> parameter. But is the default behavior correct? Shouldn't Synapse
>> completely hide the backend server details from the client?
>>
>> Thanks,
>> Hiranya
>>
>>  --
>> Hiranya Jayathilaka
>> Mayhem Lab/RACE Lab;
>> Dept. of Computer Science, UCSB;  http://cs.ucsb.edu
>> E-mail: hiranya@cs.ucsb.edu <hiranya@wso2.com>;  Mobile: +1 (805)
>> 895-7443
>> Blog: http://techfeast-hiranya.**blogspot.com<http://techfeast-hiranya.blogspot.com/>
>>
>>
>
> --
> Hiranya Jayathilaka
> Mayhem Lab/RACE Lab;
> Dept. of Computer Science, UCSB;  http://cs.ucsb.edu
> E-mail: hiranya@cs.ucsb.edu <hiranya@wso2.com>;  Mobile: +1 (805) 895-7443
> Blog: http://techfeast-hiranya.**blogspot.com<http://techfeast-hiranya.blogspot.com/>
>
>

Mime
View raw message