From 28a6f505c5084e2de44ba06081ba8913fa97cf7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristram=20Gr=C3=A4bener?=
Date: Mon, 15 Apr 2019 16:02:46 +0200
Subject: [PATCH] Parameters: the version is exposed in http header only when configured

Currently the version is exposed in a 'Server' http headers. This commit allows to parameterize it in the settings. By defaults it is not exposed.
Fixes #3423
---
 settings.json.template | 7 +++++++
 src/node/hooks/express.js | 7 ++++++-
 src/node/utils/Settings.js | 7 +++++++
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/settings.json.template b/settings.json.template
index 535e502bf..efdb257db 100644
--- a/settings.json.template
+++ b/settings.json.template
@@ -409,6 +409,13 @@
 */
 /*
+ * Expose Etherpad version in the Server http header.
+ *
+ * Do not enable on production machines.
+ */
+ "exposeVersion": false,
+
+ /*
 * The log level we are using.
 *
 * Valid values: DEBUG, INFO, WARN, ERROR
diff --git a/src/node/hooks/express.js b/src/node/hooks/express.js
index 7b45ccf6f..702214ec8 100644
--- a/src/node/hooks/express.js
+++ b/src/node/hooks/express.js
@@ -75,7 +75,12 @@ exports.restartServer = function () {
 // Stop IE going into compatability mode
 // https://github.com/ether/etherpad-lite/issues/2547
 res.header("X-UA-Compatible", "IE=Edge,chrome=1");
- res.header("Server", serverName);
+
+ // send git version in the Server response header if exposeVersion is true.
+ if (settings.exposeVersion) {
+ res.header("Server", serverName);
+ }
+
 next();
 });
diff --git a/src/node/utils/Settings.js b/src/node/utils/Settings.js
index db1b294b0..cffb20cf0 100644
--- a/src/node/utils/Settings.js
+++ b/src/node/utils/Settings.js
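Review bot: The guard `if (settings.exposeVersion)` in the express.js hunk is a truthiness test, so any non-empty value that reaches it, for example the string "false" from a hand-edited or templated settings file, would switch the version banner on. Because the option exists to keep the version out of responses, it should fail closed with a strict comparison: `if (settings.exposeVersion === true) {`. How settings values are parsed and typed is not visible in this hunk, so this may already be prevented upstream. The added comment says "git version" while the settings text says "Etherpad version"; `serverName` is built outside the hunk, and the enclosing middleware in `restartServer` also starts outside it.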
@@ -291,6 +291,13 @@ exports.scrollWhenFocusLineIsOutOfViewport = {
 "scrollWhenCaretIsInTheLastLineOfViewport": false
 };
+/*
+ * Expose Etherpad version in the Server http header.
+ *
+ * Do not enable on production machines.
+ */
+exports.exposeVersion = false;
+
 // checks if abiword is avaiable
 exports.abiwordAvailable = function() {
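Review bot: The comment above `exports.exposeVersion` says not to enable the option on production machines but gives no reason, and it does not say what a disabled setting does. I would extend it with a line such as `* Sending the exact version lets anyone match this instance against releases with known vulnerabilities; when false (the default), the express middleware sends no Server header.` The same comment text is added in settings.json.template, so the wording should be updated there as well.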