Override X-Powered-By HTTP Header

For some security reasons, I must set the X-Powered-By header to an empty string. I am trying to set the header in a filter, but when I look at the headers in Firebug, I see that the custom header value set by my filter is added by JSF/1.2.

The filter is the first in the request chain and implicitly the last in the response chain. Below is an example of the code that I wrote in the doFilter method.

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    // App specific logic...
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    httpResponse.setHeader("X-Powered-By","");
    chain.doFilter(request, response);
}

I am using Tomcat 6. Since my filter is the last in the response chain, does Tomcat set this header again after control returns to the Tomcat connector?

How can I override this value with my custom value?

+4
2 answers

You are setting the response header before the rest of the application can process the response. You must set it after calling doFilter:

HttpServletResponse httpResponse = (HttpServletResponse) response;
// before filters and servlets
chain.doFilter(request, response);
// after filters and servlets
httpResponse.setHeader("X-Powered-By","");

Also, make sure the response is not committed before setting the header. You may need to change what other servlets do, or wrap the HttpServletResponse.

If the header is added by the Jasper JSP engine, you can check how it is configured. The Jasper servlet in $CATALINA_BASE/conf/web.xml may have the init-param xpoweredBy set to true.

+2

Here's a similar Stack Overflow question: JSF overrides HTTP headers

: PhaseListener. , JSF, , .

0
