synapse-dev mailing list archives

From Hiranya Jayathilaka <hiranya...@gmail.com>
Subject Re: HTTP Transports Preserving Server Header
Date Mon, 12 Aug 2013 05:41:15 GMT

On Aug 11, 2013, at 10:51 AM, Sanjiva Weerawarana <sanjiva@opensource.lk> wrote:

> IMO the Server head should by default be set by Synapse to say "Apache Synapse vX.Y.Z" or something like that and have an option to forward that of the backend.

+1 to the suggested default behavior.

We already have an (undocumented) configuration option to control this. It's just that the
current default behavior is to pass the "Server" header sent by the backend server.

Thanks,
Hiranya

> 
> I guess we should probably look at what a reverse proxy like nginx does by default and do whatever they do .. as that's the role of Synapse in HTTP-HTTP routing.
> 
> Sanjiva.
> 
> 
> On Sun, Aug 11, 2013 at 8:23 PM, Rajika Kumarasiri <rajika.kumarasiri@gmail.com> wrote:
> I meant it's better not to include that header by default since it can be considered a security issue. But as you have suggested we also need a way to configure the header.
> 
> Rajika
> 
> 
> On Sun, Aug 11, 2013 at 1:52 AM, Hiranya Jayathilaka <hiranya911@gmail.com> wrote:
> Hi Rajika,
> 
> On Aug 10, 2013, at 10:42 PM, Rajika Kumarasiri <rajika.kumarasiri@gmail.com> wrote:
> 
>> +1. Should be use-if-available. 
> 
> Are you implying that the current behavior is correct (i.e. passing the Http "Server" header to the client)?
> 
> Thanks,
> Hiranya
> 
>> 
>> Rajika
>> 
>> 
>> On Sun, Aug 11, 2013 at 12:30 AM, Hiranya Jayathilaka <hiranya911@gmail.com> wrote:
>> I noticed that both PT and NHTTP transports pass the "Server" header sent from the backend server to the client. This is the default programmed behavior, and it can be overridden if needed using a configuration parameter. But is the default behavior correct? Shouldn't Synapse completely hide the backend server details from the client?
>> 
>> Thanks,
>> Hiranya
>> 
>> --
>> Hiranya Jayathilaka
>> Mayhem Lab/RACE Lab;
>> Dept. of Computer Science, UCSB;  http://cs.ucsb.edu
>> E-mail: hiranya@cs.ucsb.edu;  Mobile: +1 (805) 895-7443
>> Blog: http://techfeast-hiranya.blogspot.com
>> 
>> 
> 
> -- 
> Sanjiva Weerawarana, Ph.D.
> Founder, Director & Chief Scientist; Lanka Software Foundation; http://www.opensource.lk/
> Founder, Chairman & CEO; WSO2; http://wso2.com/
> 
> Blog: http://sanjiva.weerawarana.org/

--
Hiranya Jayathilaka
Mayhem Lab/RACE Lab;
Dept. of Computer Science, UCSB;  http://cs.ucsb.edu
E-mail: hiranya@cs.ucsb.edu;  Mobile: +1 (805) 895-7443
Blog: http://techfeast-hiranya.blogspot.com

