search

Azure / azure-functions-host

The host/runtime that powers Azure Functions
https://functions.azure.com
MIT License
1.94k stars 441 forks source link

[dotnet 7/isolated worker] How to disable `server: Kestrel` header? #9045

Open nulltoken opened 1 year ago

nulltoken commented 1 year ago

Hello, when starting from https://github.com/Azure/azure-functions-dotnet-worker/issues/1182#issuecomment-1317230604, and deploying on Linux, http reponses expose a server: Kestrel header.

Despite some research, I can't seem to find how to disable it. Could you please point me to some code pointers showing how to do this?

Context:

clientbala commented 1 year ago

We are facing the same issue and going to set the "Server" header as empty or null in the custom header section within host.json (i.e. set the header value as blank / empty but does not remove it from the headers) and the other work around is using reverse proxy setup (ex: yarp) to remove the header. It would be nice, if we can get an option to remove the header completely either programmatically or configuration mechanism for Linux based plan.

nulltoken commented 1 year ago

set the "Server" header as empty or null in the custom header section within host.json

@clientbala Thanks for the workaround hint

I haven't found any documentation about that in https://learn.microsoft.com/en-us/azure/azure-functions/functions-host-json. Would you be so kind as to share with me some pointers?

nulltoken commented 1 year ago

Eventually found something by digging a little bit more at https://learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook?tabs=in-process%2Cfunctionsv2&pivots=programming-language-csharp#hostjson-settings

nulltoken commented 1 year ago

@fabiocav @brettsam Although the obfuscation work, would there be any way to not issue the server header?