Luzifer / staticmap

Webserver to generate static maps from OpenStreetMap tiles
Apache License 2.0

staticmap version not easy to find from docker container #5

Closed mrdvt92 closed 3 days ago

mrdvt92 commented 4 days ago

Can you add the staticmap version to either the HTTP header or the 404 root page?

Apache supports this server string in the HTTP header.

Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 mod_wsgi/4.7.1 Python/3.6 PHP/5.4.16 mod_perl/2.0.11 Perl/v5.16.3

Your web server could do something similar, like this:

res.Header().Set("Server", fmt.Sprintf("staticmap/%s", version))

Which should return something like this:

Server: staticmap/0.6.3

Current 0.6.3 behavior

$ curl -i http://127.0.0.1:3000/
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Sat, 30 Nov 2024 04:35:39 GMT
Content-Length: 19

404 page not found

Luzifer commented 3 days ago

Exposing the software version using the Server header is commonly seen as a bad idea in the security community, and the general recommendation is not to expose it:

https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#server
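One way to keep that recommendation enforced is a header audit that can run in a test suite. This is an added example, not part of the issue thread or the staticmap code base. The function names, the `X-Powered-By` check and both handlers are assumptions made for illustration; the handlers are stand-ins for the proposed and current behaviour quoted above.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
)

var (
	commentRe = regexp.MustCompile(`\([^()]*\)`)      // "(CentOS)"-style comments
	productRe = regexp.MustCompile(`[^\s/]+/v?\d\S*`) // product/version tokens
)

// VersionedProducts returns the product/version tokens in a Server-style value.
func VersionedProducts(value string) []string {
	return productRe.FindAllString(commentRe.ReplaceAllString(value, " "), -1)
}

// AuditHandler sends GET / to h and reports version tokens in its response headers.
func AuditHandler(h http.Handler) []string {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	hdr := rec.Result().Header
	var findings []string
	for _, name := range []string{"Server", "X-Powered-By"} {
		for _, v := range hdr.Values(name) {
			for _, p := range VersionedProducts(v) {
				findings = append(findings, name+": "+p)
			}
		}
	}
	return findings
}

// ProposedHandler mimics the header suggested in the issue (hypothetical stand-in).
func ProposedHandler(version string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Server", fmt.Sprintf("staticmap/%s", version))
		http.NotFound(w, r)
	})
}

// CurrentHandler mimics the 404 shown in the issue, which sets no Server header.
func CurrentHandler() http.Handler { return http.NotFoundHandler() }

func main() {
	fmt.Println(AuditHandler(ProposedHandler("0.6.3"))) // one finding
	fmt.Println(AuditHandler(CurrentHandler()))         // no findings
}
```

A test that fails whenever `AuditHandler` returns findings for the service's real router catches a version header reintroduced by a later change or by a proxy layer added in front of it.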