Re: Zinc Server name

Sven Van Caekenberghe-2
Torsten asked how to change the server name as seen in HTTP responses:

$ curl -v http://localhost:1701/echo
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 1701 (#0)
> GET /echo HTTP/1.1
> Host: localhost:1701
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Length: 245
< Content-Type: text/plain;charset=utf-8
< Server: Zinc HTTP Components 1.0
< Date: Sat, 28 May 2016 11:30:43 GMT
<
This is Zinc HTTP Components echoing your request !
Running a ZnManagingMultiThreadedServer(running 1701)
GET request for /echo
with headers
 X-Zinc-Remote-Address: 127.0.0.1
 Host: localhost:1701
 User-Agent: curl/7.43.0
 Accept: */*

As you can see, the default header is 'Server: Zinc HTTP Components 1.0'.

We don't need a specific API for this uncommon scenario, as all requests and responses are objects that you can manipulate at will. We can do this programmatically as follows:

| delegate |
ZnServer startDefaultOn: 1701.
delegate := ZnServer default delegate.
ZnServer default delegate:
  (ZnValueDelegate with: [ :request |
     | response |
     response := delegate handleRequest: request.
     response headers at: #Server put: 'My HTTP Server 3.14'.
     response ]).

The default handler of the server gets wrapped; the original is used to do the actual work, and when it returns a response, we manipulate it as required. Now, the server name has changed:

$ curl -v http://localhost:1701/echo
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 1701 (#0)
> GET /echo HTTP/1.1
> Host: localhost:1701
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Length: 245
< Content-Type: text/plain;charset=utf-8
< Server: My HTTP Server 3.14
< Date: Sat, 28 May 2016 11:31:03 GMT
<
This is Zinc HTTP Components echoing your request !
Running a ZnManagingMultiThreadedServer(running 1701)
GET request for /echo
with headers
 X-Zinc-Remote-Address: 127.0.0.1
 Host: localhost:1701
 User-Agent: curl/7.43.0
 Accept: */*

Sven

> On 27 May 2016, at 17:11, Torsten Bergmann <[hidden email]> wrote:
>
> Hi Sven,
>
> A quick example (shared on the list) would be really nice!
> Not urgent but I'm sure useful for many people using Pharo as webserver.
> Security always is an issue.
>
> Thanks
> Torsten
>
>> Sent: Friday, 27 May 2016 at 16:33
>> From: "Sven Van Caekenberghe" <[hidden email]>
>> To: "Torsten Bergmann" <[hidden email]>
>> Subject: Re: Zinc Server name
>>
>> Hi Torsten,
>>
>>> On 27 May 2016, at 15:59, Torsten Bergmann <[hidden email]> wrote:
>>>
>>> Hi Sven,
>>>
>>> In Zinc the defaultServerString returns the frameworkNameAndVersion.
>>> This is used in the HTTP responses, ...
>>>
>>> In a production situation one might give as little info to hackers
>>> as possible about the server for security reasons.
>>>
>>> For sure I can patch the method but it would be good if the framework
>>> could provide this out of the box.
>>>
>>> Having this as a setting (with the framework name as default)
>>> would already solve the problem. What do you think?
>>>
>>> bye
>>> Torsten
>>
>> This is a valid concern/request. However, it does not appear to be that important to make it a user settable option. You can easily add this yourself, without changing any method.
>>
>> Wrap another delegate around the delegate of the Zn server and intercept any response being returned, modify the Server: header and you're done. This is similar to how you would do pre/post request/response fiddling in apache or nginx.
>>
>> Does that make sense or should I write a small example ?
>>
>> Sven
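
A check for the result of the header change, as an added example that is not part of the original message or of Zinc: it scans the two responses shown in the message above (re-typed here as constructed strings) for framework fingerprints in both the headers and the body. The fingerprint patterns and the function names are assumptions chosen for this illustration.

```python
import re

# Constructed from the first curl transcript in the message (headers and first body lines).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Length: 245\r\n"
    "Content-Type: text/plain;charset=utf-8\r\n"
    "Server: Zinc HTTP Components 1.0\r\n"
    "Date: Sat, 28 May 2016 11:30:43 GMT\r\n"
    "\r\n"
    "This is Zinc HTTP Components echoing your request !\n"
    "Running a ZnManagingMultiThreadedServer(running 1701)\n"
)
# Same response with the Server header as rewritten by the wrapping delegate.
AFTER = BEFORE.replace("Server: Zinc HTTP Components 1.0",
                       "Server: My HTTP Server 3.14")

# Assumed fingerprints: the framework's banner text and Zn-prefixed class names.
FINGERPRINTS = [re.compile(r"Zinc HTTP Components", re.I),
                re.compile(r"\bZn[A-Z]\w+")]

def split_response(raw):
    """Split a raw HTTP response into (status line, header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def find_disclosures(raw):
    """Return (where, location, text) for every fingerprint hit in the response."""
    _, headers, body = split_response(raw)
    findings = []
    for name, value in headers.items():
        if any(p.search(value) for p in FINGERPRINTS):
            findings.append(("header", name, value))
    for lineno, line in enumerate(body.splitlines(), 1):
        for pattern in FINGERPRINTS:
            match = pattern.search(line)
            if match:
                findings.append(("body", lineno, match.group(0)))
    return findings

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, find_disclosures(raw))
```

On the second response only the two body lines are reported, because the /echo handler prints the framework name and the server class in its output.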