Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Server header

See original GitHub issue

This should be optional.

ctx.header(Header.SERVER, "Javalin")

https://github.com/tipsy/javalin/blob/master/javalin/src/main/java/io/javalin/http/JavalinServlet.kt#L76

Issue Analytics

State:
Created 3 years ago
Comments:6 (4 by maintainers)

Top GitHub Comments

1reaction

tipsycommented, Aug 26, 2021

Thanks @mekiert !

In Javalin 4, which is coming out soon, the Server header is disabled by default 😃

0reactions

mekiertcommented, Aug 25, 2021

There is a way to remove it. I show my solution using Kotlin.

Remove ‘Server’ header from Javalin To remove a ‘Server’ header from Javalin we can set its value to null, just after handling the request.

after { it.res.setHeader("Server", null) }

Now instead of ‘Server = Javalin’ you should see a header ‘Server = Jetty(xxxx)’.

Remove ‘Server’ header from Jetty As the ‘Server’ header from Javalin was only a cover for header from Jetty, you should remove the ‘Server’ header from Jetty as well.

This code does the job:

Javalin.create { config ->
  config.server {
    Server().apply {
      val httpConfig = HttpConfiguration()
      // Hide 'Server' header as it reveals the used library
      httpConfig.sendServerVersion = false
      val httpFactory = HttpConnectionFactory(httpConfig)
      val httpConnector = ServerConnector(server, httpFactory)
      // Change the value to your actuall port
      httpConnector.port = 7000
      connectors = arrayOf(httpConnector) 
    } 
  }
}

Based on: https://stackoverflow.com/a/23245256

Explanation:

You should create your own Jetty Server using server method from JavalinConfig
Set sendServerVersion in HttpConfiguration to false
Remember to set the port, because you create a new ServerConnector

That’s it! You are free from the ‘Server’ header now! 😎

Message to maintainer/s 🛠 In my opinion, the Javalin ‘Server’ header should be set only if it was previously set by Jetty. It is pointless to set this header to ‘Javalin’ and then to remove it.

Btw, thanks for your great job with Javalin 👍

Top Results From Across the Web

Server - HTTP - MDN Web Docs

The Server header describes the software used by the origin server that handled the request — that is, the server that generated the...

HTTP headers | Server - GeeksforGeeks

The HTTP Server header is a response-type header that contains the information about the used software by the server to handle all the ......

List of HTTP header fields - Wikipedia

HTTP header fields are a list of strings sent and received by both the client program and server on every HTTP request and...

What is the HTTP "Server" response-header field used for?

The Server response-header field contains information about the software used by the origin server to handle the request.

Server: HTTP response-header - IBM

Returns information about the server and protocol the client is connected to. Type, Description. HTTP header name, Server. HTTP header type, Response-header.