[racket] Web server "Server" header

From: Norman Gray (norman at astro.gla.ac.uk)
Date: Mon Apr 11 19:09:41 EDT 2011

Greetings.

In web-server/http/response.rkt we find:

> (define (output-response-head conn bresp)
>   (fprintf (connection-o-port conn)
>            "HTTP/1.1 ~a ~a\r\n"
>            (response-code bresp)
>            (response-message bresp))
>   (output-headers
>    conn 
>    (list* (make-header #"Date" (string->bytes/utf-8 (seconds->gmt-string (current-seconds))))
>           (make-header #"Last-Modified" (string->bytes/utf-8 (seconds->gmt-string (response-seconds bresp))))
>           (make-header #"Server" #"Racket")
>           (make-header #"Content-Type" (response-mime bresp))
>           (append (if (connection-close? conn)
>                       (list (make-header #"Connection" #"close"))
>                       empty)
>                   (response-headers bresp)))))

This (inter alia) fixes the value of the "Server" header to be #"Racket"; it isn't configurable (unless there's some super-subtle way this can be changed).

RFC 2616 Sect. 14.38 says "The Server response-header field contains information about the software used by the origin server to handle the request."   Thus forcing this header to be #"Racket" isn't _wrong_, but it would seem to be a Good Thing (at least) to allow applications based on the Racket server to identify themselves here.  There is text in the RFC warning against leaking too much information here, but that's not irreconcilable with the useful traceability functions this header can have.

Is there any easy way this could be made configurable?

Best wishes,

Norman


-- 
Norman Gray  :  http://nxg.me.uk




Posted on the users mailing list.