Don't send server version to client (#254)

closes #247

Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/254
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: crapStone <crapstone01@gmail.com>
Co-committed-by: crapStone <crapstone01@gmail.com>
This commit is contained in:
crapStone 2023-11-15 01:49:29 +00:00 committed by 6543
parent b6103c6a1b
commit a8272f0ce9

View file

@ -10,7 +10,6 @@ import (
"codeberg.org/codeberg/pages/server/cache" "codeberg.org/codeberg/pages/server/cache"
"codeberg.org/codeberg/pages/server/context" "codeberg.org/codeberg/pages/server/context"
"codeberg.org/codeberg/pages/server/gitea" "codeberg.org/codeberg/pages/server/gitea"
"codeberg.org/codeberg/pages/server/version"
) )
const ( const (
@ -31,7 +30,7 @@ func Handler(mainDomainSuffix, rawDomain string,
log := log.With().Strs("Handler", []string{req.Host, req.RequestURI}).Logger() log := log.With().Strs("Handler", []string{req.Host, req.RequestURI}).Logger()
ctx := context.New(w, req) ctx := context.New(w, req)
ctx.RespWriter.Header().Set("Server", "CodebergPages/"+version.Version) ctx.RespWriter.Header().Set("Server", "pages-server")
// Force new default from specification (since November 2020) - see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#strict-origin-when-cross-origin // Force new default from specification (since November 2020) - see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#strict-origin-when-cross-origin
ctx.RespWriter.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin") ctx.RespWriter.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
@ -88,14 +87,14 @@ func Handler(mainDomainSuffix, rawDomain string,
pathElements := strings.Split(strings.Trim(ctx.Path(), "/"), "/") pathElements := strings.Split(strings.Trim(ctx.Path(), "/"), "/")
if rawDomain != "" && strings.EqualFold(trimmedHost, rawDomain) { if rawDomain != "" && strings.EqualFold(trimmedHost, rawDomain) {
log.Debug().Msg("raw domain request detecded") log.Debug().Msg("raw domain request detected")
handleRaw(log, ctx, giteaClient, handleRaw(log, ctx, giteaClient,
mainDomainSuffix, rawInfoPage, mainDomainSuffix, rawInfoPage,
trimmedHost, trimmedHost,
pathElements, pathElements,
canonicalDomainCache, redirectsCache) canonicalDomainCache, redirectsCache)
} else if strings.HasSuffix(trimmedHost, mainDomainSuffix) { } else if strings.HasSuffix(trimmedHost, mainDomainSuffix) {
log.Debug().Msg("subdomain request detecded") log.Debug().Msg("subdomain request detected")
handleSubDomain(log, ctx, giteaClient, handleSubDomain(log, ctx, giteaClient,
mainDomainSuffix, mainDomainSuffix,
defaultPagesBranches, defaultPagesBranches,
@ -103,7 +102,7 @@ func Handler(mainDomainSuffix, rawDomain string,
pathElements, pathElements,
canonicalDomainCache, redirectsCache) canonicalDomainCache, redirectsCache)
} else { } else {
log.Debug().Msg("custom domain request detecded") log.Debug().Msg("custom domain request detected")
handleCustomDomain(log, ctx, giteaClient, handleCustomDomain(log, ctx, giteaClient,
mainDomainSuffix, mainDomainSuffix,
trimmedHost, trimmedHost,