Menu
In ASP.NET Core 1.0 every response will include the header Server: Kestrel. I want to remove this header along with other header like X-Power-By using middleware.
I know that we can remove Kestrel header in host configuration by setting the following but I want to do it using middleware (actually when we have Httpmodule we can do like this so I am learning same thing). I tried my bit it did not work.
new WebHostBuilder()
.UseKestrel(c => c.AddServerHeader = false)
Tried code:
public class HeaderRemoverMiddleware
{
private readonly RequestDelegate _next;
public HeaderRemoverMiddleware(RequestDelegate next)
{
_next = next;
}
public async Task Invoke(HttpContext httpContext)
{
httpContext.Response.OnStarting(callback: removeHeaders, state: httpContext);
await _next.Invoke(httpContext);
}
private Task removeHeaders(object context)
{
var httpContext = (HttpContext)context;
if (httpContext.Response.Headers.ContainsKey("Server"))
{
httpContext.Response.Headers.Remove("Server");
}
return Task.FromResult(0);
}
}
public static class HeaderRemoverExtensions
{
public static IApplicationBuilder UseServerHeaderRemover(this IApplicationBuilder builder)
{
return builder.UseMiddleware<HeaderRemoverMiddleware>();
}
}
637
The HTTP Server header is a response-type header that contains the information about the used software by the server to handle all the requests. This header will only a few details of the server like the server name software like sffe, cloudflare etc.
I've verified that this code is working as of Kestrel 1.0.0:
.UseKestrel(opt => opt.AddServerHeader = false)
This removes the Server: Kestrel header from the response.
If you want to remove other arbitrary headers from the response, a variation of your code will work. This doesn't work for the Server: Kestrel header, because it appears that Kestrel adds this after the OnSending delegate runs.
Here's a sample middleware that will remove any headers you pass to it:
public class HeaderRemoverMiddleware
{
private readonly RequestDelegate _next;
private readonly ImmutableList<string> _headersToRemove;
public HeaderRemoverMiddleware(RequestDelegate next, ImmutableList<string> headersToRemove)
{
_next = next;
_headersToRemove = headersToRemove;
}
public async Task Invoke(HttpContext httpContext)
{
httpContext.Response.OnStarting(() =>
{
_headersToRemove.ForEach(header =>
{
if (httpContext.Response.Headers.ContainsKey(header))
{
httpContext.Response.Headers.Remove(header);
}
});
return Task.FromResult(0);
});
await _next.Invoke(httpContext);
}
}
public static class HeaderRemoverExtensions
{
public static IApplicationBuilder UseHeaderRemover(this IApplicationBuilder builder, params string[] headersToRemove)
{
return builder.UseMiddleware<HeaderRemoverMiddleware>(headersToRemove.ToImmutableList());
}
}
To use it, add it to the very top of your application pipeline:
app.UseHeaderRemover("Content-Type", "AnotherHeader");
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
