On Aug 11, 2013, at 10:51 AM, Sanjiva Weerawarana <[email protected]> wrote:
> IMO the Server head should by default be set by Synapse to say "Apache
> Synapse vX.Y.Z" or something like that and have an option to forward that of
> the backend.

+1 to the suggested default behavior. We already have an (undocumented) configuration option to control this. It's just that the current default behavior is to pass the "Server" header sent by the backend server.

Thanks,
Hiranya

>
> I guess we should probably look at what a reverse proxy like nginx does by
> default and do whatever they do .. as that's the role of Synapse in HTTP-HTTP
> routing.
>
> Sanjiva.
>
>
> On Sun, Aug 11, 2013 at 8:23 PM, Rajika Kumarasiri
> <[email protected]> wrote:
> I meant it's better not to include that header by default since it can be
> considered a security issue. But as you have suggested we also need a way to
> configure the header.
>
> Rajika
>
>
> On Sun, Aug 11, 2013 at 1:52 AM, Hiranya Jayathilaka <[email protected]>
> wrote:
> Hi Rajika,
>
> On Aug 10, 2013, at 10:42 PM, Rajika Kumarasiri <[email protected]>
> wrote:
>
>> +1. Should be use-if-available.
>
> Are you implying that the current behavior is correct (i.e. passing the Http
> "Server" header to the client)?
>
> Thanks,
> Hiranya
>
>>
>> Rajika
>>
>>
>> On Sun, Aug 11, 2013 at 12:30 AM, Hiranya Jayathilaka <[email protected]>
>> wrote:
>> I noticed that both PT and NHTTP transports pass the "Server" header sent
>> from the backend server to the client. This is the default programmed
>> behavior, and it can be overridden if needed using a configuration
>> parameter. But is the default behavior correct? Shouldn't Synapse completely
>> hide the backend server details from the client?
>>
>> Thanks,
>> Hiranya
>>
>> --
>> Hiranya Jayathilaka
>> Mayhem Lab/RACE Lab;
>> Dept. of Computer Science, UCSB; http://cs.ucsb.edu
>> E-mail: [email protected]; Mobile: +1 (805) 895-7443
>> Blog: http://techfeast-hiranya.blogspot.com
>>
>>
>
>
> --
> Hiranya Jayathilaka
> Mayhem Lab/RACE Lab;
> Dept. of Computer Science, UCSB; http://cs.ucsb.edu
> E-mail: [email protected]; Mobile: +1 (805) 895-7443
> Blog: http://techfeast-hiranya.blogspot.com
>
>
>
>
>
> --
> Sanjiva Weerawarana, Ph.D.
> Founder, Director & Chief Scientist; Lanka Software Foundation;
> http://www.opensource.lk/
> Founder, Chairman & CEO; WSO2; http://wso2.com/
>
> Blog: http://sanjiva.weerawarana.org/

--
Hiranya Jayathilaka
Mayhem Lab/RACE Lab;
Dept. of Computer Science, UCSB; http://cs.ucsb.edu
E-mail: [email protected]; Mobile: +1 (805) 895-7443
Blog: http://techfeast-hiranya.blogspot.com
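
The three behaviours discussed in this thread for the "Server" response header (send the proxy's own banner, forward the backend's value, or send none), as an added example that is not part of the thread and is not Synapse code. The function names, the policy enum and the sample backend headers are constructed for illustration; the banner text is the placeholder wording used in the thread.

```python
from enum import Enum


class ServerHeaderPolicy(Enum):
    PROXY = "proxy"      # send the proxy's own banner (default proposed in the thread)
    FORWARD = "forward"  # pass the backend's value through (current default per the thread)
    OMIT = "omit"        # send no Server header at all


PROXY_BANNER = "Apache Synapse vX.Y.Z"  # placeholder wording taken from the thread


def is_server(name):
    # Header names are case-insensitive, so "server" and "Server" both match.
    return name.strip().lower() == "server"


def rewrite_server_header(headers, policy=ServerHeaderPolicy.PROXY, banner=PROXY_BANNER):
    """Return the (name, value) list to send to the client.

    Every backend Server header is removed unless the policy is FORWARD,
    including repeated ones, so no second copy slips through.
    """
    if policy is ServerHeaderPolicy.FORWARD:
        return list(headers)
    kept = [(n, v) for n, v in headers if not is_server(n)]
    if policy is ServerHeaderPolicy.PROXY:
        kept.append(("Server", banner))
    return kept


def backend_banner_leaked(backend_headers, client_headers):
    """True if any backend Server value is visible in what the client receives."""
    backend = {v.strip() for n, v in backend_headers if is_server(n)}
    client = {v.strip() for n, v in client_headers if is_server(n)}
    return bool(backend & client)


# Constructed sample backend response headers (hypothetical, not from the thread).
SAMPLE_BACKEND = [
    ("Content-Type", "text/xml"),
    ("server", "ExampleBackend/1.0"),
    ("Server", "ExampleModule/2.3"),
]

if __name__ == "__main__":
    for policy in ServerHeaderPolicy:
        out = rewrite_server_header(SAMPLE_BACKEND, policy)
        print(policy.value, out, "leak:", backend_banner_leaked(SAMPLE_BACKEND, out))
```

The leak check can be pointed at a captured backend/client header pair to confirm which policy a deployment is actually applying.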
