Remove version string from http response headers, to avoid any information disclosure about the sender's server

This commit is contained in:
Micah Lee 2017-05-22 14:58:23 -07:00
parent 36d3fac5c9
commit 91bb0eefa5

View File

@ -54,7 +54,7 @@ security_headers = [
('X-Xss-Protection', '1; mode=block'),
('X-Content-Type-Options', 'nosniff'),
('Referrer-Policy', 'no-referrer'),
('Server', strings._('version_string').format(common.get_version()))
('Server', 'OnionShare')
]
def set_file_info(filenames, processed_size_callback=None):