Hide tornado version

Is there any config to prevent the tornado server from sending the version?

Jupyterlab details

$ jupyter --version
jupyter core     : 4.7.1
jupyter-notebook : 6.4.3
qtconsole        : not installed
ipython          : 7.26.0
ipykernel        : 6.1.0
jupyter client   : 6.1.12
jupyter lab      : 3.1.6
nbconvert        : 6.1.0
ipywidgets       : not installed
nbformat         : 5.4.0
traitlets        : 5.2.2

Who do you want to hide the header from?

You could put a proxy such as Nginx in front of your application, which will allow you to add/hide/modify any headers you want.

Thanks @manics, this issue showed up in our security evaluation. Yes, before I explored the nginx proxy route, I wanted to know if there is a config knob in jupyterlab itself to accomplish this.

I think that you can achieve that by creating a custom jupyter-server extension and adding an appropriate add_transform method, as discussed in web: Remove version from server header · Issue #2935 · tornadoweb/tornado · GitHub. In the worst-case scenario you would need to monkey patch the server class, but I don’t think that would be needed.

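One way to write the extension suggested in the last reply, shown here as an added example that is not code from the thread, from Jupyter, or from Tornado. The module name `hide_server_header`, the helper `transformed_headers`, and the sample header values are assumptions made for illustration.

```python
"""Added example: jupyter-server extension that strips Tornado's Server header.

The module name (hide_server_header) is hypothetical; save the file under
that name somewhere importable by the Jupyter server process.
"""
from tornado.httputil import HTTPHeaders
from tornado.web import OutputTransform


class HideServerHeader(OutputTransform):
    """Drop the Server header from every response a RequestHandler flushes."""

    def transform_first_chunk(self, status_code, headers, chunk, finishing):
        # Tornado adds "Server: TornadoServer/<version>" as a default header;
        # transforms run when the response is flushed, so removing it here
        # also covers handlers that never touch the header themselves.
        if "Server" in headers:
            del headers["Server"]
        return status_code, headers, chunk

    def transform_chunk(self, chunk, finishing):
        return chunk  # the body is left untouched


def _jupyter_server_extension_points():
    # Tells jupyter-server which module holds the loader below.
    return [{"module": "hide_server_header"}]  # hypothetical module name


def _load_jupyter_server_extension(serverapp):
    # serverapp.web_app is the tornado.web.Application behind Jupyter Server.
    serverapp.web_app.add_transform(HideServerHeader)
    serverapp.log.info("HideServerHeader transform registered")


def transformed_headers(raw):
    """Helper for checking: run the transform over a dict of headers."""
    _, headers, _ = HideServerHeader(None).transform_first_chunk(
        200, HTTPHeaders(raw), b"", True
    )
    return dict(headers.get_all())


if __name__ == "__main__":
    # Constructed sample headers, not captured from a real server.
    sample = {"Server": "TornadoServer/0.0", "Content-Type": "text/html"}
    print(transformed_headers(sample))
```

After enabling the extension, inspect the response headers of the running server to confirm that `Server` is no longer present.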