[英]How to remove server info header from web api core 3.1 response which is hosted as azure web app?
I have an azure web api developed in .net core 3.1.我有一个 azure web api 在 Z2D50972FECD376129545507F106 内核中开发。 Request and response working fine.请求和响应工作正常。 I am trying to remove server header from api response but no successes so far.我正在尝试从 api 响应中删除服务器 header 但到目前为止没有成功。
Tried below things,
option 1) Added in programe.cs
static IHostBuilder CreateHostBuilder(string[] args) => Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>{webBuilder.ConfigureKestrel(serverOptions =>
{
serverOptions.AddServerHeader = false;
}).UseStartup<Startup>();
});
option 2) Added in Configure method of startup.cs
app.Use(async (context, next) =>
{
context.Response.OnStarting(() =>
{
int responseStatusCode = context.Response.StatusCode;
if (responseStatusCode == (int)HttpStatusCode.Created)
{
IHeaderDictionary headers = context.Response.Headers;
StringValues locationHeaderValue = string.Empty;
if (headers.TryGetValue("Server", out locationHeaderValue))
{
context.Response.Headers.Remove("Server");
}
}
return Task.FromResult(0);
});
option 3) Added in Configure method of startup.cs
app.Use(async (context, next) =>
{
context.Response.Headers.Remove("Server");
await next();
}
Either of these did not worked in my case. Am i missing anything here?
Please provide your suggestions.
For Kestrel: Try setting Kestrel options like below snippet in Program.cs.对于 Kestrel:尝试在 Program.cs 中设置 Kestrel 选项,如下所示。 The Kestrel Server header gets added too late in the request pipeline. Kestrel 服务器 header 在请求管道中添加得太晚了。 Therefore removing it via the web.config or via middleware is not possible.因此,无法通过 web.config 或中间件将其删除。 Note: Below I used UseKestrel instead of ConfigureKestrel.注意:下面我使用了 UseKestrel 而不是 ConfigureKestrel。
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
webBuilder.UseKestrel(options => options.AddServerHeader = false)
});
For IIS: You need to set in web.config like below:对于 IIS:您需要在 web.config 中设置如下:
<configuration>
<system.webServer>
<security>
<requestFiltering removeServerHeader="true" />
</security>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
Hope it helps.希望能帮助到你。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.