Posted to commits@ofbiz.apache.org by jl...@apache.org on 2015/12/12 14:21:16 UTC

svn commit: r1719684 - /ofbiz/trunk/framework/catalina/ofbiz-component.xml

Author: jleroux
Date: Sat Dec 12 13:21:16 2015
New Revision: 1719684

URL: http://svn.apache.org/viewvc?rev=1719684&view=rev
Log:
3rd step for "Secure HTTP headers" https://issues.apache.org/jira/browse/OFBIZ-6766

It's recommended not to use the X-Powered-By header.
Tomcat doc: The xpoweredBy attribute controls whether or not the X-Powered-By HTTP header is sent with each request. If sent, the value of the header contains the Servlet and JSP specification versions, the full Tomcat version (e.g. Apache Tomcat/7.0.0), the name of the JVM vendor and the version of the JVM. This header is disabled by default. This header can provide useful information to both legitimate clients and attackers. 

OFBiz users can decide to change this parameter if they want

Modified:
    ofbiz/trunk/framework/catalina/ofbiz-component.xml

Modified: ofbiz/trunk/framework/catalina/ofbiz-component.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/catalina/ofbiz-component.xml?rev=1719684&r1=1719683&r2=1719684&view=diff
==============================================================================
--- ofbiz/trunk/framework/catalina/ofbiz-component.xml (original)
+++ ofbiz/trunk/framework/catalina/ofbiz-component.xml Sat Dec 12 13:21:16 2015
@@ -74,7 +74,7 @@ under the License.
             <property name="scheme" value="http"/>
             <property name="secure" value="false"/>
             <property name="URIEncoding" value="UTF-8"/>
-            <property name="xpoweredBy" value="true"/>
+            <property name="xpoweredBy" value="false"/>
             <!-- AJP/13 connector attributes -->
             <!-- commented out because the values match the Tomcat defaults:
             <property name="tomcatAuthentication" value="true"/>
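Review bot: The flipped `xpoweredBy` property has no comment marking it as a deliberate hardening choice, so a later editor cannot tell it from an arbitrary setting. The context lines here show the file's habit of commenting out properties whose values match the Tomcat defaults, and per the Tomcat doc quoted in the log `false` is now such a default. Keeping the property explicit is reasonable, but I would add above it `<!-- X-Powered-By discloses Servlet/JSP, Tomcat and JVM versions; keep false unless a client needs it (OFBIZ-6766) -->`. The same applies to the other five connectors changed in the hunks at -103, -133, -180, -189 and -201. The connector element starts and ends outside this hunk.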
@@ -103,7 +103,7 @@ under the License.
             <property name="scheme" value="http"/>
             <property name="secure" value="false"/>
             <property name="URIEncoding" value="UTF-8"/>
-            <property name="xpoweredBy" value="true"/>
+            <property name="xpoweredBy" value="false"/>
             <property name="compression" value="on"/>
             <property name="compressableMimeType" value="text/html,text/xml,text/plain,text/javascript,text/css"/>
             <!-- commented out because the values match the Tomcat defaults:
@@ -133,7 +133,7 @@ under the License.
             <property name="secure" value="true"/>
             <property name="SSLEnabled" value="true"/>
             <property name="URIEncoding" value="UTF-8"/>
-            <property name="xpoweredBy" value="true"/>
+            <property name="xpoweredBy" value="false"/>
             <property name="compression" value="on"/>
             <property name="compressableMimeType" value="text/html,text/xml,text/plain,text/javascript,text/css"/>
             <!-- SSL connector attributes -->
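Review bot: This TLS connector (`secure` and `SSLEnabled` are `true`) keeps `compression` set to `on` with `text/html` in `compressableMimeType`, which the header hardening here does not address. HTTP response compression over TLS is the precondition for BREACH-style length side channels when a page carries a secret such as a CSRF token together with request-controlled text; whether OFBiz pages do that cannot be seen from this hunk. Consider `<property name="compression" value="off"/>` on the TLS connectors, or dropping `text/html` from the compressible types, unless tokens are masked per response. The same lines appear in the last hunk (-201). The connector element starts and ends outside this hunk.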
@@ -180,7 +180,7 @@ under the License.
             <property name="scheme" value="http"/>
             <property name="secure" value="false"/>
             <property name="URIEncoding" value="UTF-8"/>
-            <property name="xpoweredBy" value="true"/>
+            <property name="xpoweredBy" value="false"/>
         </property>
         <property name="http-connector" value="connector">
             <!--<property name="address" value=""/>-->
@@ -189,7 +189,7 @@ under the License.
             <property name="scheme" value="http"/>
             <property name="secure" value="false"/>
             <property name="URIEncoding" value="UTF-8"/>
-            <property name="xpoweredBy" value="true"/>
+            <property name="xpoweredBy" value="false"/>
             <property name="compression" value="on"/>
             <property name="compressableMimeType" value="text/html,text/xml,text/plain,text/javascript,text/css"/>
         </property>
@@ -201,7 +201,7 @@ under the License.
             <property name="secure" value="true"/>
             <property name="SSLEnabled" value="true"/>
             <property name="URIEncoding" value="UTF-8"/>
-            <property name="xpoweredBy" value="true"/>
+            <property name="xpoweredBy" value="false"/>
             <property name="compression" value="on"/>
             <property name="compressableMimeType" value="text/html,text/xml,text/plain,text/javascript,text/css"/>
             <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>