[racket] Web server "Server" header

From: Jay McCarthy (jay.mccarthy at gmail.com)
Date: Tue Apr 12 09:28:42 EDT 2011

A few thoughts...

Is it an error to not include this header? I'm not interested in the
subtle advertising to log readers, so it doesn't really matter to me
what it says.

What's the behavior when there are two Server headers? Because you can
just as easily pass another one in the optional header list.

I don't like the idea of a parameter or another field in the response
data structure, but maybe I should just add an optional argument to
response/xexpr and then remove the automatic insertion in the code you
quote.

Jay

2011/4/11 Norman Gray <norman at astro.gla.ac.uk>:
>
> Greetings.
>
> In web-server/http/response.rkt we find:
>
>> (define (output-response-head conn bresp)
>>   (fprintf (connection-o-port conn)
>>            "HTTP/1.1 ~a ~a\r\n"
>>            (response-code bresp)
>>            (response-message bresp))
>>   (output-headers
>>    conn
>>    (list* (make-header #"Date" (string->bytes/utf-8 (seconds->gmt-string (current-seconds))))
>>           (make-header #"Last-Modified" (string->bytes/utf-8 (seconds->gmt-string (response-seconds bresp))))
>>           (make-header #"Server" #"Racket")
>>           (make-header #"Content-Type" (response-mime bresp))
>>           (append (if (connection-close? conn)
>>                       (list (make-header #"Connection" #"close"))
>>                       empty)
>>                   (response-headers bresp)))))
>
> This (inter alia) fixes the value of the "Server" header to be #"Racket"; it isn't configurable (unless there's some super-subtle way this can be changed).
>
> RFC 2616 Sect. 14.38 says "The Server response-header field contains information about the software used by the origin server to handle the request."   Thus forcing this header to be #"Racket" isn't _wrong_, but it would seem to be a Good Thing (at least) to allow applications based on the Racket server to identify themselves here.  There is text in the RFC warning against leaking too much information here, but that's not irreconcilable with the useful traceability functions this header can have.
>
> Is there any easy way this could be made configurable?
>
> Best wishes,
>
> Norman
>
>
> --
> Norman Gray  :  http://nxg.me.uk

-- 
Jay McCarthy <jay at cs.byu.edu>
Assistant Professor / Brigham Young University
http://faculty.cs.byu.edu/~jay

"The glory of God is Intelligence" - D&C 93



Posted on the users mailing list.
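
The two-Server-headers case raised in the thread, as an added example that is not part of either message or of the web server's source: with the quoted `append`, an application-supplied Server header is emitted alongside the fixed default, while merging by field name lets the application's value replace it. `merge-headers` and `count-field` are hypothetical helpers and the header values are constructed; `make-header`, `header-field` and `headers-assq*` come from `web-server/http/request-structs`.

```racket
#lang racket/base
;; Added example, not web-server source. merge-headers and count-field are
;; hypothetical helpers; the header values below are constructed samples.
(require racket/list
         web-server/http/request-structs)

;; A subset of the defaults that output-response-head prepends.
(define defaults
  (list (make-header #"Date" #"Tue, 12 Apr 2011 13:28:42 GMT")
        (make-header #"Server" #"Racket")))

;; Keep a default only when the application did not supply that field.
;; headers-assq* matches field names case-insensitively, so an application
;; header spelled #"server" still suppresses the default #"Server".
(define (merge-headers defaults app-headers)
  (append (filter (lambda (d)
                    (not (headers-assq* (header-field d) app-headers)))
                  defaults)
          app-headers))

;; Number of headers in hs whose field name equals name, ignoring case.
(define (count-field name hs)
  (count (lambda (h) (and (headers-assq* name (list h)) #t)) hs))

;; Application passes its own Server header in the optional header list.
(define app-headers (list (make-header #"server" #"MyApp")))

;; Same shape as the quoted code: defaults first, then the response headers.
(define naive (append defaults app-headers))
(define merged (merge-headers defaults app-headers))

(printf "naive:  ~a Server header(s)\n" (count-field #"Server" naive))
(printf "merged: ~a Server header(s)\n" (count-field #"Server" merged))
(for ([h (in-list merged)])
  (printf "~a: ~a\r\n" (header-field h) (header-value h)))
```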