• Type: New Feature
• Resolution: Won't Do
• Priority: Minor
• Component/s: winstone-jetty
• Labels:

  None

[JENKINS-39436] Allow to deactivate "Server HTTP Header"

Emilio Escobar created issue - 2016-11-02 10:43

Emilio Escobar made changes - 2016-11-02 10:43

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Emilio Escobar made changes - 2016-11-02 11:20

Remote Link

New: This issue links to "PR (Web Link)" [ 15010 ]

Emilio Escobar made changes - 2016-11-02 13:36

Description

Original: Support sendServerVersion option to unset server version http header.

New: Support sendServerVersion option to unset server version http header. There is a HTTP header which returns the Jetty server version: plata:winstone escoem$ curl -I https://JENKINS_SERVER/ HTTP/1.1 302 Found Date: Wed, 02 Nov 2016 13:32:14 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Location: https://JENKINS_SERVER/securityRealm/commenceLogin?from=%2F *Server: Jetty(9.2.z-SNAPSHOT)* Set-Cookie: JSESSIONID.dsaw=daseawew;Path=/;Secure;HttpOnly X-Content-Type-Options: nosniff X-Hudson: 1.395 X-Hudson-CLI-Port: 10081 X-Jenkins: 2.7.4.4 X-Jenkins-CLI-Host: IP X-Jenkins-CLI-Port: 10081 X-Jenkins-CLI2-Port: 10081 X-Jenkins-Session: dsaw Connection: keep-alive Jetty support a configuration option for sending or not the Server version (by default is sent).

Arnaud Héritier made changes - 2016-11-02 14:09

Summary

Original: Add sendServerVersion option

New: Allow to deactivate "Server HTTP Header"

Emilio Escobar made changes - 2017-10-31 09:14

Resolution		New: Won't Do [ 10001 ]
Status	Original: In Progress [ 3 ]	New: Resolved [ 5 ]

Daniel Beck made changes - 2018-09-18 14:17

Link

New: This issue is duplicated by SECURITY-1165 [ SECURITY-1165 ]