Hiding Server Token in the Response Headers

Posted 226 days ago by uday580
0

Hi,

We have a Blazor WebAssembly application deployed to an Azure AppService. For security reasons, we wanted to hide the 'Server' token in the response header. I have researched and couldn't find any solutions for Blazor WebAssembly. Following is the server token found in the response headers:

Server: Microsoft-IIS/10.0

Any suggestions or pointers are greatly appreciated. Thank you in advance.

 

  • 0

    Try adjusting your configure options for Kestrel (likely in Program.cs) like this:

    builder.WebHost.ConfigureKestrel(options => options.AddServerHeader = false);

    For additional information, check out: 

    https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.server.kestrel.core.kestrelserveroptions.addserverheader?view=aspnetcore-7.0

    https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/options?view=aspnetcore-7.0

    Posted 226 days ago by selliott
  • 0

    Hi @selliott,

    Thank you for taking the time to respond to my question. Looks like ConfigureKestrel is only available for an ASP.NET Hosted Blazor app. I am trying to configure the same in a standalone Blazor WebAssembly app hosted on Azure AppService (IIS).

    Posted 226 days ago by uday580
  • 1

    You can try adjusting your web.config to something along the lines of this (don't replace the existing file with this, just notice the "requestFiltering" and "remove" entries) and see if that helps:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <system.webServer>
        <security>
          <requestFiltering removeServerHeader="true" />
        </security>
        <httpProtocol>
          <customHeaders>
            <remove name="X-Powered-By" />
          </customHeaders>
        </httpProtocol>
      </system.webServer>
    </configuration>
    Posted 226 days ago by selliott Edited 226 days ago
  • 0

    That worked @selliott. Thank you for your help.

    Just 2 things to note here: In order to copy the web.config to the published folder, add the following property group to the .csproj file. Also make sure the web.config file is added to the wwwroot folder and not to the project root.

    https://learn.microsoft.com/en-us/aspnet/core/blazor/host-and-deploy/webassembly?view=aspnetcore-3.1#standalone-deployment

    Posted 226 days ago by uday580
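
A way to verify the outcome of this thread, as an added example that is not code from any of the posters: it audits a web.config for the two entries shown above and scans a raw response head for the `Server` and `X-Powered-By` headers. The function names and sample inputs are constructed for illustration, and the `X-Powered-By: ASP.NET` value is an assumed sample.

```python
import xml.etree.ElementTree as ET

DISCLOSURE_HEADERS = ("server", "x-powered-by")  # the two headers from the thread

def audit_web_config(xml_text):
    """Return findings for a web.config; an empty list means both settings are present."""
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        return [f"web.config is not well-formed XML: {exc}"]
    web_server = next(root.iter("system.webServer"), None)
    if web_server is None:
        return ["no <system.webServer> section"]
    findings = []
    rf = web_server.find("security/requestFiltering")
    if rf is None or rf.get("removeServerHeader", "").lower() != "true":
        findings.append('requestFiltering removeServerHeader="true" is missing')
    removed = {r.get("name", "").lower()
               for r in web_server.findall("httpProtocol/customHeaders/remove")}
    if "x-powered-by" not in removed:
        findings.append('customHeaders has no <remove name="X-Powered-By" />')
    return findings

def disclosed_headers(raw_response_head):
    """Return {name: value} for identity headers found in a raw HTTP response head."""
    found = {}
    for line in raw_response_head.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in DISCLOSURE_HEADERS:
            found[name.strip()] = value.strip()
    return found

# Constructed samples: the thread's web.config, a config without the entries,
# and response heads as they would look before and after the change.
HARDENED = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <security><requestFiltering removeServerHeader="true" /></security>
    <httpProtocol><customHeaders><remove name="X-Powered-By" /></customHeaders></httpProtocol>
  </system.webServer>
</configuration>"""
UNHARDENED = "<configuration><system.webServer /></configuration>"
BEFORE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          "Server: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\n\r\n<html>")
AFTER = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"

if __name__ == "__main__":
    print(audit_web_config(HARDENED), audit_web_config(UNHARDENED))
    print(disclosed_headers(BEFORE), disclosed_headers(AFTER))
```

Running `audit_web_config` against the web.config in the publish output (under wwwroot, per the last post) catches the case where the file was never copied or was overwritten during deployment.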