Merge pull request #2161 from chef/rajeshpaul38/hide-nginx-server-hea…

…der-from-response Hide nginx server header from response
chef · Aug 18, 2021 · 75e982b · 75e982b
2 parents 06e5df6 + 3359189
commit 75e982b
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 3 deletions.
diff --git a/omnibus/config/software/supermarket.rb b/omnibus/config/software/supermarket.rb
@@ -21,7 +21,7 @@
 
 dependency "cacerts"
 dependency "git"
-dependency "nginx"
+dependency "openresty"
 dependency "postgresql"
 dependency "redis"
 dependency "ruby"

diff --git a/omnibus/cookbooks/omnibus-supermarket/templates/nginx.conf.erb b/omnibus/cookbooks/omnibus-supermarket/templates/nginx.conf.erb
@@ -37,6 +37,7 @@ http {
   <% end %>
 
   server_tokens off;
+  more_clear_headers Server;
   add_header X-Clacks-Overhead "GNU Terry Pratchett";
 
   sendfile <%= @nginx['sendfile'] %>;

diff --git a/...s/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb b/...s/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb
@@ -85,7 +85,7 @@
   describe "http GET to Port #{property['supermarket']['nginx']['non_ssl_port']}" do
     subject { http("http://localhost:#{property['supermarket']['nginx']['non_ssl_port']}") }
     it 'should not include server version number in response headers' do
-      expect(subject.headers.server).to cmp('nginx')
+      expect(subject.headers.server).to be_nil
     end
   end
 
@@ -97,7 +97,7 @@
 
     describe http("https://#{property['supermarket']['fqdn']}:#{property['supermarket']['nginx']['ssl_port']}", ssl_verify: false) do
       it 'should not include server version number in response headers' do
-        expect(subject.headers.server).to cmp('nginx')
+        expect(subject.headers.server).to be_nil
       end
 
       its('headers.keys') { should include('strict-transport-security') }