Author: jleroux
Date: Sat Dec 12 13:21:16 2015 New Revision: 1719684 URL: http://svn.apache.org/viewvc?rev=1719684&view=rev Log: 3rd step for "Secure HTTP headers" https://issues.apache.org/jira/browse/OFBIZ-6766 It's recommended to not use the X-Powered-By header. Tomcat doc: The xpoweredBy attribute controls whether or not the X-Powered-By HTTP header is sent with each request. If sent, the value of the header contains the Servlet and JSP specification versions, the full Tomcat version (e.g. Apache Tomcat/7.0.0), the name of the JVM vendor and the version of the JVM. This header is disabled by default. This header can provide useful information to both legitimate clients and attackers. OFBiz users can decide to change this parameter if they want Modified: ofbiz/trunk/framework/catalina/ofbiz-component.xml Modified: ofbiz/trunk/framework/catalina/ofbiz-component.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/catalina/ofbiz-component.xml?rev=1719684&r1=1719683&r2=1719684&view=diff ==============================================================================
--- ofbiz/trunk/framework/catalina/ofbiz-component.xml (original)
+++ ofbiz/trunk/framework/catalina/ofbiz-component.xml Sat Dec 12 13:21:16 2015
@@ -74,7 +74,7 @@ under the License.
 <property name="scheme" value="http"/>
 <property name="secure" value="false"/>
 <property name="URIEncoding" value="UTF-8"/>
- <property name="xpoweredBy" value="true"/>
+ <property name="xpoweredBy" value="false"/>
 <!-- AJP/13 connector attributes -->
 <!-- commented out because the values match the Tomcat defaults:
 <property name="tomcatAuthentication" value="true"/>
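Review bot: The explicit `xpoweredBy` value on the changed line of this hunk, and of the five hunks that follow (at -103, -133, -180, -189 and -201), now equals what the commit log describes as the Tomcat default, but nothing in the file records why it is kept as an explicit property. The file already comments out properties whose values match the Tomcat defaults, so either follow that convention or place a one-line comment above each property, for example `<!-- keep false: X-Powered-By discloses the Servlet/JSP, Tomcat and JVM versions -->`, so an operator who re-enables it knows what is being exposed. Separately, Tomcat's connector `server` attribute governs the Server response header, which also identifies the server software; it does not appear in these hunks, so confirm how it is set as part of the same header-hardening work. The enclosing connector property blocks start and end outside the hunks.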
@@ -103,7 +103,7 @@ under the License.
 <property name="scheme" value="http"/>
 <property name="secure" value="false"/>
 <property name="URIEncoding" value="UTF-8"/>
- <property name="xpoweredBy" value="true"/>
+ <property name="xpoweredBy" value="false"/>
 <property name="compression" value="on"/>
 <property name="compressableMimeType" value="text/html,text/xml,text/plain,text/javascript,text/css"/>
 <!-- commented out because the values match the Tomcat defaults:
@@ -133,7 +133,7 @@ under the License.
 <property name="secure" value="true"/>
 <property name="SSLEnabled" value="true"/>
 <property name="URIEncoding" value="UTF-8"/>
- <property name="xpoweredBy" value="true"/>
+ <property name="xpoweredBy" value="false"/>
 <property name="compression" value="on"/>
 <property name="compressableMimeType" value="text/html,text/xml,text/plain,text/javascript,text/css"/>
 <!-- SSL connector attributes -->
@@ -180,7 +180,7 @@ under the License.
 <property name="scheme" value="http"/>
 <property name="secure" value="false"/>
 <property name="URIEncoding" value="UTF-8"/>
- <property name="xpoweredBy" value="true"/>
+ <property name="xpoweredBy" value="false"/>
 </property>
 <property name="http-connector" value="connector">
 <!--<property name="address" value=""/>-->
@@ -189,7 +189,7 @@ under the License.
 <property name="scheme" value="http"/>
 <property name="secure" value="false"/>
 <property name="URIEncoding" value="UTF-8"/>
- <property name="xpoweredBy" value="true"/>
+ <property name="xpoweredBy" value="false"/>
 <property name="compression" value="on"/>
 <property name="compressableMimeType" value="text/html,text/xml,text/plain,text/javascript,text/css"/>
 </property>
@@ -201,7 +201,7 @@ under the License.
 <property name="secure" value="true"/>
 <property name="SSLEnabled" value="true"/>
 <property name="URIEncoding" value="UTF-8"/>
- <property name="xpoweredBy" value="true"/>
+ <property name="xpoweredBy" value="false"/>
 <property name="compression" value="on"/>
 <property name="compressableMimeType" value="text/html,text/xml,text/plain,text/javascript,text/css"/>
 <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/> |