Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-7807

HTTP endpoint exposes Server header

    XMLWordPrintable

    Details

    • Bug
    • Status: Dev backlog
    • Major
    • Resolution: Unresolved
    • 7.1.0
    • None
    • rest
    • None

      Description

      While trying a sample with rest2ldap with httpie, I've noticed we get these headers:

      HTTP/1.1 200 OK
      Cache-Control: no-store
      Connection: keep-alive
      Content-API-Version: protocol=2.1,resource=1.0
      Content-Type: application/json; charset=UTF-8
      Date: Thu, 04 Feb 2021 16:36:59 GMT
      ETag: "000000000a1bfa8f"
      Expires: 0
      Pragma: no-cache
      Server: Apache-HttpCore/5.0.3 (Java/11.0.6)
      Transfer-Encoding: chunked
      X-Content-Type-Options: nosniff
      

      DS should not return the server used: Server: Apache-HttpCore/5.0.3 (Java/11.0.6).

      How to reproduce?

      • install DS in eval mode
      #!/bin/sh
      deploymentKey=$(./opendj/bin/dskeymgr create-deployment-key --deploymentKeyPassword password)
      ./setup --deploymentKey $deploymentKey \
                    --deploymentKeyPassword password \
                    --rootUserDn uid=admin \
                    --rootUserPassword password \
                    --hostname opendj.example.com \
                    --adminConnectorPort 4444 \
                    --ldapPort 1389 \
                    --enableStartTls \
                    --ldapsPort 1636 \
                    --httpPort 8080 --replicationPort 8989 \
                    --profile ds-evaluation \
                    --set ds-evaluation/generatedUsers:10000
      
      ./bin/dsconfig set-http-endpoint-prop --endpoint-name /api --set enabled:true --offline --no-prompt
      ./bin/start-ds
      http 'http://admin:password@localhost:8080/api/users/bjensen?_prettyPrint=true'
      

        Attachments

          Activity

            People

            Unassigned Unassigned
            cedric.tran-xuan Cedric Tran-Xuan
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: