gunicorn server type exposed in security check when deploying Hue using helm chart #3332
-
Description{HTTP Request Method == POST ;;; HTTP URI == http://k8s-node:nodeport/notebook/api/get_logs;;; HTTP User-Agent == Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36;;; HTTP Return Code == 200;;; HTTP Server Type == gunicorn/19.9.0;;; HTTP Host == k8s-node:nodeport;;; HTTP Response Content Type == application/json Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *....

I checked the configuration file in the helm chart, but it seems there is no way we can stop publishing the server type in the response header. Please assist.
Replies: 3 comments
-
Hey @nikhil-sharma31, thanks for pointing this out! @ranade1 @athithyaaselvam - Any pointers/updates on this issue? IIRC this is similar to what you were working on?
-
Is this resolved? Looks like need to update the latest version of the helm chart?
-
@nikhil-sharma31
This issue was addressed by @athithyaaselvam in PR #3222
It is not available in a release yet but the code is merged so you can pull the latest from master and build if you need it now.
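
A check for confirming the header change after rebuilding, as an added example that is not part of the original discussion or the Hue project's code: it parses a finding in the `;;;`-separated form quoted in the question and flags any `product/version` token in a `Server` value. The function names and the sample finding are constructed for illustration.

```python
import re

# A product token followed by "/<version>", e.g. "gunicorn/19.9.0".
VERSIONED_PRODUCT = re.compile(r"([A-Za-z][\w.+-]*)/(\d[\w.+-]*)")

# Constructed sample in the same "Key == value;;; Key == value" layout as the
# scanner finding quoted in the question (not a real scan result).
SAMPLE_FINDING = (
    "HTTP Request Method == POST;;; HTTP Return Code == 200;;; "
    "HTTP Server Type == gunicorn/19.9.0;;; "
    "HTTP Response Content Type == application/json"
)


def parse_finding(text):
    """Split a ';;;'-separated scanner finding into a {field: value} dict."""
    fields = {}
    for part in text.split(";;;"):
        key, sep, value = part.partition("==")
        if sep:  # skip fragments that carry no "==" pair
            fields[key.strip()] = value.strip()
    return fields


def disclosed_versions(server_value):
    """Return (product, version) pairs present in a Server header value."""
    return VERSIONED_PRODUCT.findall(server_value or "")


def check_server_header(headers):
    """Check a response-header mapping; header names match case-insensitively.

    An empty list means no version is disclosed (header absent, or a bare
    product name such as "gunicorn").
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    return disclosed_versions(lowered.get("server"))


if __name__ == "__main__":
    finding = parse_finding(SAMPLE_FINDING)
    print(disclosed_versions(finding.get("HTTP Server Type")))
    print(check_server_header({"Server": "gunicorn"}))
```

`check_server_header` accepts any mapping of response headers, so the headers object returned by an HTTP client can be passed to it after requesting the deployed service.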