Any ideas/suggestions on how to hide the software/server version in Superset? We hired an information security company to perform external pen-testing on our servers, and one of the issues raised was to hide all the software versions being disclosed in application headers/error messages.
So, for example, if I execute this command from a terminal:
curl -I -k https://localhost:8181/
It is disclosing the server information by default (line 5 below).
HTTP/1.0 302 FOUND
Content-Type: text/html; charset=utf-8
Content-Length: 241
Location: https://localhost:8089/superset/welcome
Server: Werkzeug/1.0.1 Python/3.6.10
Date: Mon, 20 Jul 2020 12:07:33 GMT
Follow these steps:
Go to your Superset directory. In my case, cd /usr/local/lib/python3.6/site-packages/superset/
Modify config.py
Find and edit this line: OVERRIDE_HTTP_HEADERS: Dict[str, Any] = {"Server":""}
Restart Superset and you're done