Add possibility to hide version on Auth login page

influxdata / chronograf

Open source monitoring and visualization UI for the TICK stack

https://www.influxdata.com/time-series-platform/chronograf/

Other

1.5k stars 257 forks source link

Add possibility to hide version on Auth login page #6002

Closed partamonov closed 2 years ago

partamonov commented 2 years ago

Now there is no way how I can remove deployed version from auth login page. Usually it is preferred way to remove any details about deployed product.

If that string can be changed or version omitted by some CLI flag or ENV var, that would be awesome

I checked it in v1.9.4

sranka commented 2 years ago

Thank you for reporting a defect. Can you please provide a rationale for why the version should be removed, it is opinionated otherwise.

FYI, the version is indeed printed in https://github.com/influxdata/chronograf/blob/master/ui/src/auth/Login.js#L55, ... it is this way for more than 5 years. You can still fork this repo, customize the pages the way you like, and then build chronograf binaries on your own.

partamonov commented 2 years ago

It usually suggested to hide server tokens to required minimum.

Nginx
Apache.

Opposite to it, it is not really improving security, what is written in Apache docs.

So it can be considered opinionated too

sranka commented 2 years ago

Chronograf is IMHO not a platform (like Nginx, or Apache) to provide such a level of customization in a configuration. This type of customization can be still provided in a custom build, if necessary.