a year ago
We need to remove the server header for security reasons. Our app is built on FastAPI. Locally everything seems to be working fine: with the command uvicorn src.main:app --no-server-header
the server header is removed. When deploying to Railway we have this railway.toml file:
[deploy]
numReplicas = 1
startCommand = "alembic upgrade head && uvicorn src.main:app --no-server-header --host 0.0.0.0 --port $PORT"
restartPolicyType = "ON_FAILURE"
restartPolicyMaxRetries = 10
But it seems that Railway overwrites the server header, because it is still set to "server: railway". Is it possible to somehow disable this?
2 Replies
a year ago
Railway does not provide a way to disable the server header they are setting. It would be helpful if you could go more in depth on why you need it removed.
We are trying to pass the ADA CASA Tier 2 assessment. After the dynamic scan we got this recommendation: Configure all proxies, application servers, and web servers to prevent disclosure of the technology and version information in the 'Server' and 'X-Powered-By' HTTP response headers.
a year ago
The server header that Railway sets does not disclose any of the technologies involved in serving the page, unlike an nginx server header.
4 months ago
Hello, I am also having a similar problem where railway-edge is being given as my server, but I am using my FastAPI app for an assignment and I cannot pass since the server is showing railway instead of nginx. Is there any bypass?
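A check for the two headers named in the scan recommendation quoted in the thread, as an added example that is not part of the original posts: it parses a response head and reports which product names, version tokens and comments each Server and X-Powered-By value carries. The sample responses are constructed; only the value "railway" is taken from the thread, and the function names are hypothetical.

```python
import re

# Headers named in the scan recommendation quoted in the thread.
AUDITED = ("server", "x-powered-by")
# RFC 9110 "product" syntax: token, optionally followed by "/" version token.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PRODUCT = re.compile(rf"({TOKEN})(?:/({TOKEN}))?")
COMMENT = re.compile(r"\([^()]*\)")  # parenthesised comment, e.g. "(Ubuntu)"

# Constructed sample response heads (not captured from any real service).
NO_HEADER = "HTTP/1.1 200 OK\r\ncontent-type: application/json\r\n\r\n"
EDGE = "HTTP/1.1 200 OK\r\nserver: railway\r\n\r\n"
VERSIONED = ("HTTP/1.1 200 OK\r\nServer: nginx/1.25.3 (Ubuntu)\r\n"
             "X-Powered-By: Express\r\n\r\n")


def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Return (lower-cased name, value) pairs from a raw response head."""
    pairs = []
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line:
            break  # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit(raw: str) -> list[dict]:
    """Report every Server / X-Powered-By value and what it names."""
    findings = []
    for name, value in parse_headers(raw):
        if name not in AUDITED:
            continue
        products = PRODUCT.findall(COMMENT.sub(" ", value))
        findings.append({
            "header": name,
            "value": value,
            "products": [p for p, _ in products],
            "versions": [v for _, v in products if v],
            "comments": COMMENT.findall(value),
        })
    return findings


if __name__ == "__main__":
    for label, raw in (("no header", NO_HEADER), ("edge", EDGE),
                       ("versioned", VERSIONED)):
        print(label, audit(raw))
```

To check a deployment, save the response head from `curl -sI` against the public URL and pass it to `audit`; the result shows what the last hop in front of the app actually returns, which can differ from what uvicorn sends.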