删除“服务器" ASP.NET Core 2.1应用程序中的标头 [英] Remove "Server" header from ASP.NET Core 2.1 application

问题描述

是否可以在ASP.NET Core 2.1应用程序中运行 Server 响应标头(在带有IIS 10的Server 2016上运行)?

Is it possible to remove the Server Response header in a ASP.NET Core 2.1 application (running on Server 2016 with IIS 10)?

我尝试将以下内容放入web.config:

I tried putting the following in the web.config:

<system.webServer>
    <httpProtocol>
        <customHeaders>
            <add name="X-Frame-Options" value="sameorigin" />
            <add name="X-XSS-Protection" value="1; mode=block" />
            <add name="X-Content-Type-Options" value="nosniff" />
            <remove name="X-Powered-By" />
            <remove name="Server" />
        </customHeaders>
    </httpProtocol>
</system.webServer>

对Response的前四个更改工作正常，但未删除 Server 标头.我仍然看到茶est"

The first four alterations to the Response worked fine, but the Server header was not removed. I still see "Kestrel"

推荐答案

在请求管道中添加Kestrel Server标头的时间太晚了.因此，无法通过web.config或中间件将其删除.

The Kestrel Server header gets added too late in the request pipeline. Therefore removing it via the web.config or via middleware is not possible.

您可以通过设置

You can remove the Server header by setting the AddServerHeader property to false on KestrelServerOptions, this can be done in the Program.cs.

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseKestrel(options => options.AddServerHeader = false)
            .UseStartup<Startup>();

这篇关于删除“服务器" ASP.NET Core 2.1应用程序中的标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！