diff options
author | Eric Wong <e@80x24.org> | 2015-05-18 22:28:40 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2015-05-18 22:28:40 +0000 |
commit | cc2db04b47c5b5daf73873f3865da715812408db (patch) | |
tree | 142cbcb493b8bd427cb8ff242fb99f42869ef5e7 /lib/yahns/proxy_http_response.rb | |
parent | 313b0236c03eebd9f8074b11ff0b1778e22a87d4 (diff) | |
download | yahns-cc2db04b47c5b5daf73873f3865da715812408db.tar.gz |
We shouldn't blindly pass the "Server" tag through, since we may be proxying Apache instances and we don't want to misadvertise, either. IMHO, it is best to say nothing at all to save bandwidth and reduce the potential for attackers in case a vulnerability is discovered in yahns.
Diffstat (limited to 'lib/yahns/proxy_http_response.rb')
-rw-r--r-- | lib/yahns/proxy_http_response.rb | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/yahns/proxy_http_response.rb b/lib/yahns/proxy_http_response.rb index 90a9395..cbdce6f 100644 --- a/lib/yahns/proxy_http_response.rb +++ b/lib/yahns/proxy_http_response.rb @@ -66,6 +66,7 @@ module Yahns::HttpResponse # :nodoc: env[REQUEST_METHOD] != HEAD flags = MSG_DONTWAIT alive = @hs.next? && self.class.persistent_connections + response_headers = env['yahns.proxy_pass.response_headers'] res = "HTTP/1.1 #{status}\r\n" headers.each do |key,value| # n.b.: headers is an Array of 2-element Arrays @@ -76,6 +77,14 @@ module Yahns::HttpResponse # :nodoc: flags |= MSG_MORE if have_body && value.to_i > 0 end + # response header mapping + case val = response_headers[key] + when :ignore + next + when String + value = val + end + res << "#{key}: #{value}\r\n" end |