I meant it's better not to include that header by default since it can be considered a security issue. But as you have suggested we also need a way to configure the header.
Rajika On Sun, Aug 11, 2013 at 1:52 AM, Hiranya Jayathilaka <[email protected]>wrote: > Hi Rajika, > > On Aug 10, 2013, at 10:42 PM, Rajika Kumarasiri < > [email protected]> wrote: > > +1. Should be use-if-available. > > > Are you implying that the current behavior is correct (i.e. passing the > Http "Server" header to the client)? > > Thanks, > Hiranya > > > Rajika > > > On Sun, Aug 11, 2013 at 12:30 AM, Hiranya Jayathilaka < > [email protected]> wrote: > >> I noticed that both PT and NHTTP transports pass the "Server" header sent >> from the backend server to the client. This is the default programmed >> behavior, and it can be overridden if needed using a configuration >> parameter. But is the default behavior correct? Shouldn't Synapse >> completely hide the backend server details from the client? >> >> Thanks, >> Hiranya >> >> -- >> Hiranya Jayathilaka >> Mayhem Lab/RACE Lab; >> Dept. of Computer Science, UCSB; http://cs.ucsb.edu >> E-mail: [email protected] <[email protected]>; Mobile: +1 (805) >> 895-7443 >> Blog: >> http://techfeast-hiranya.**blogspot.com<http://techfeast-hiranya.blogspot.com/> >> >> > > -- > Hiranya Jayathilaka > Mayhem Lab/RACE Lab; > Dept. of Computer Science, UCSB; http://cs.ucsb.edu > E-mail: [email protected] <[email protected]>; Mobile: +1 (805) 895-7443 > Blog: > http://techfeast-hiranya.**blogspot.com<http://techfeast-hiranya.blogspot.com/> > >
