I want to remove some headers that my webserver injects into the header response but provides no ability to remove
I only see helper functions to add headers, but no way to remove them in Grape and I cant seem to find the variable where headers are contained
I specifically want to strip out X-Powered-By
which gets injected by my Passenger server, passenger only seems to provide the ability to remove the version number but not the ability to remove it completely... which seems insecure...
i'd like to do this in my before
block
before do
## I see i can easily add headers, but not remove
header 'X-Robots-Tag', 'noindex'
## how do I remove headers here?
## ...
end
## ... some routes
get '/' do
## ...
end
Many libraries provide the ability to remove headers, for instance:
app.use(function (req, res, next) {
res.header('Pragma', 'no-cache');
res.removeHeader('Pragma');
next();
});
response.headers['Connection'] = 'Closed'
remove_keys = %w(X-Runtime Cache-Control Server Etag Set-Cookie)
response.headers.delete_if{|key| remove_keys.include? key}
While a bit awkward in my opinion the Docs do show you can delete a header by just passing the key and not the value (or passing the value as nil
)
For your Example:
before do
## I see i can easily add headers, but not remove
header 'X-Robots-Tag', 'noindex'
## how do I remove headers here?
header 'X-Powered-By'
end
I guess the concept is that a header set to a non value is not really a header at all.