fix(FSADT1-1084): Unnecessary Http Response Headers found in the Appl…

…ication (#690)
bcgov · Dec 20, 2023 · e366794 · e366794
1 parent 5638236
commit e366794
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/backend/src/main/java/ca/bc/gov/app/filter/CorsWebFilter.java b/backend/src/main/java/ca/bc/gov/app/filter/CorsWebFilter.java
@@ -69,6 +69,10 @@ public Mono<Void> filter(ServerWebExchange ctx, WebFilterChain chain) {
 
     headers.add("Strict-Transport-Security", 
                 "max-age=300; includeSubDomains");
+
+    headers.remove("Server");
+
+    headers.remove("X-Powered-By");
 
     if (CorsUtils.isPreFlightRequest(request)) {
       response.setStatusCode(HttpStatus.NO_CONTENT);