Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow Suppression of Jetty Version Information in HTTP Responses #4423

Closed
ab-20-m opened this issue Oct 30, 2020 · 1 comment
Closed

Allow Suppression of Jetty Version Information in HTTP Responses #4423

ab-20-m opened this issue Oct 30, 2020 · 1 comment
Labels
enhancement New feature or request Fix-Commited Issue fixed and will be available in milestone Internal-Issue-Created An issue has been created in NextGen's internal issue tracker RS-6607 triaged
Milestone
4.0.0

Comments

@ab-20-m
Copy link

ab-20-m commented Oct 30, 2020

It is considered bad practice to include information in HTTP responses that allow fingerprinting of the Server version/information. As of Mirth 3.9.1, auto-generated HTTP Responses include Jetty Version information in the "Server" HTTP Header. Mirth should provide a capability to disable/suppress Jetty Version information in HTTP Reponses on a per-channel basis.
@rbergeron-psi
Copy link

What we need is:

  1. Don’t send the Server header in the HTTP Response. Need to configure the HttpConfiguration before starting the Jetty server for HttpReceivers. java - Remove the HTTP Server header in Jetty 9 - Stack Overflow
  2. Don’t send stack exception details in the HTTP response when there are errors. ~Line 524 – Line 533 in HttpReceiver.java Logging the details is one thing, blasting the details in the response out is another.

@pladesma pladesma added Internal-Issue-Created An issue has been created in NextGen's internal issue tracker RS-6607 triaged enhancement New feature or request labels Jul 30, 2021
@joaryche joaryche added the Fix-Commited Issue fixed and will be available in milestone label Feb 18, 2022
@joaryche joaryche added this to the 4.0.0 milestone Feb 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request Fix-Commited Issue fixed and will be available in milestone Internal-Issue-Created An issue has been created in NextGen's internal issue tracker RS-6607 triaged
Projects
None yet
Milestone
4.0.0
Development

No branches or pull requests
4 participants
@pladesma @joaryche @ab-20-m @rbergeron-psi