diff --git a/settings.json.template b/settings.json.template index 535e502bf..efdb257db 100644 --- a/settings.json.template +++ b/settings.json.template @@ -409,6 +409,13 @@ */ /* + * Expose Etherpad version in the Server http header. + * + * Do not enable on production machines. + */ + "exposeVersion": false, + + /* * The log level we are using. * * Valid values: DEBUG, INFO, WARN, ERROR diff --git a/src/node/hooks/express.js b/src/node/hooks/express.js index 7b45ccf6f..702214ec8 100644 --- a/src/node/hooks/express.js +++ b/src/node/hooks/express.js @@ -75,7 +75,12 @@ exports.restartServer = function () { // Stop IE going into compatability mode // https://github.com/ether/etherpad-lite/issues/2547 res.header("X-UA-Compatible", "IE=Edge,chrome=1"); - res.header("Server", serverName); + + // send git version in the Server response header if exposeVersion is true. + if (settings.exposeVersion) { + res.header("Server", serverName); + } + next(); }); diff --git a/src/node/utils/Settings.js b/src/node/utils/Settings.js index db1b294b0..cffb20cf0 100644 --- a/src/node/utils/Settings.js +++ b/src/node/utils/Settings.js @@ -291,6 +291,13 @@ exports.scrollWhenFocusLineIsOutOfViewport = { "scrollWhenCaretIsInTheLastLineOfViewport": false }; +/* + * Expose Etherpad version in the Server http header. + * + * Do not enable on production machines. + */ +exports.exposeVersion = false; + // checks if abiword is avaiable exports.abiwordAvailable = function() {