Server Version Disclosure On Error Page #8567
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
This is the final PR Bugbot will review for you during this billing cycle
Your free Bugbot reviews will reset on November 21
Details
Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| 'X-Forwarded-Proto', | ||
| 'X-Forwarded-Host', | ||
| 'X-Forwarded-Server', | ||
| 'X-Forwarded-Port', |
There was a problem hiding this comment.
Bug: Middleware Conflict Breaks Load Balancer Functionality
The HideServerHeaders middleware removes proxy/forwarding headers essential for applications behind load balancers. This prevents the TrustProxies middleware (running earlier) from correctly identifying the client's true IP, protocol, and host, breaking functionality like IP-based access control, HTTPS detection, and URL generation.
|
=## Issue & Reproduction Steps
Server Version Disclosure On Error Page
Solution
How to Test
Review the headers returned by requests to ensure they do not contain relevant information about the server or the technologies used.
Note:
Since this is a change that involves all endpoints, it is suggested that a full test be performed, checking that when the HIDE_SERVER_HEADERS variable is set to true by default, the server name will change to ProcessMaker Server and when it is set to false, the normal header will remain.
HIDE_SERVER_HEADERS=falseHIDE_SERVER_HEADERS=trueRelated Tickets & Packages
Code Review Checklist