From: anurag <anurag@localhost.localdomain>
Date: Mon, 20 Apr 2020 23:13:07 +0000 (+0530)
Subject: This commit is intended to hide CherryPy name and version, from HTTP header 'Server... 
X-Git-Tag: v16.1.0~2489^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=6fea0f2ce861360643b86774fd86391b781c3789;p=ceph.git

This commit is intended to hide CherryPy name and version, from HTTP header 'Server' response.

Fixes: <https://tracker.ceph.com/issues/44935>
Signed-off-by: anurag <abandhu@redhat.com>
---

diff --git a/qa/tasks/mgr/dashboard/test_requests.py b/qa/tasks/mgr/dashboard/test_requests.py
index 0d9f8d9ba83..25460914866 100644
--- a/qa/tasks/mgr/dashboard/test_requests.py
+++ b/qa/tasks/mgr/dashboard/test_requests.py
@@ -21,3 +21,9 @@ class RequestsTest(DashboardTestCase):
         self.assertHeaders({
             'Content-Type': 'application/json',
         })
+
+    def test_server(self):
+        self._get('/api/summary')
+        self.assertHeaders({
+            'server': 'Ceph-Dashboard'
+        })
\ No newline at end of file
diff --git a/src/pybind/mgr/dashboard/services/auth.py b/src/pybind/mgr/dashboard/services/auth.py
index d829362e63d..955b3f9cc6f 100644
--- a/src/pybind/mgr/dashboard/services/auth.py
+++ b/src/pybind/mgr/dashboard/services/auth.py
@@ -15,6 +15,10 @@ import jwt
 from .access_control import LocalAuthenticator, UserDoesNotExist
 from .. import mgr
 
+cherrypy.config.update({
+    'response.headers.server': 'Ceph-Dashboard'
+    })
+
 
 class JwtManager(object):
     JWT_TOKEN_BLACKLIST_KEY = "jwt_token_black_list"