X-Content-Encoded-By

[Davide Tampellini]

X-Content-Encoded-By Joomla! 2.5

I have a simple question: why?
Why I can't trigger it off as I do with the meta tag?
Moreover: why it's hard coded? In Joomla 3.1 it says 1.6 !!

[piotr_cz]

I'd like to know, too.
Meanwhile: Clean Response (http://extensions.joomla.org/extensions/
site-management/browsers-a-web-standards/12736)

[Janich Rasmussen]

Ditto - I remember it was fixed after 1.6 was released (but was still hardcoded iirc).

It should at least be using a native versioning.

Have you created an issue for this on the tracker?

[Nikolaos K. Dionysopoulos]

There are far more telling (and subtle) signs for the hacker, like the use of signature directories like images, templates, media, components and so on. I'm also quite convinced that most script kiddies don't even get into the trouble of fingerprinting. I'm receiving tons of "hacking attempts" for Mambo(!), WordPress and IIS 4.0 on my site which is clearly advertised as Joomla! running on Apache :) But I agree that sending an HTTP header for no reason is bad form. It should be the choice of the user if they want to advertise that their site is powered by Joomla!.

Nicholas K. Dionysopoulos

Email: niko...@gmail.com

Blog: www.dionysopoulos.me/blog

On 19 Μαϊ 2013, at 10:53 , Jurian Even <in...@twentronix.com> wrote:

And if it's implemented (why?) it should have an option to turn it off. It's a nice fingerprint for hackers... 

--
You received this message because you are subscribed to the Google Groups "Joomla! General Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-gene...@googlegroups.com.
To post to this group, send an email to joomla-de...@googlegroups.com.
Visit this group at http://groups.google.com/group/joomla-dev-general?hl=en-GB.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[piotr_cz]

Let's get rid of it then.
It's bugging me since foverver and seems that X-Content-Encoded-By is
non-standard joomla-specific header.
The biggest mystery for me is that it's being inserted only on
compressed output.


Joomla already inserts a generator meta tag in document head.
<meta name="generator" content="Joomla! - Open Source Content
Management" />


On May 19, 10:02 am, "Nikolaos K. Dionysopoulos" <nikosd...@gmail.com>
wrote:

> There are far more telling (and subtle) signs for the hacker, like the use of signature directories like images, templates, media, components and so on. I'm also quite convinced that most script kiddies don't even get into the trouble of fingerprinting. I'm receiving tons of "hacking attempts" for Mambo(!), WordPress and IIS 4.0 on my site which is clearly advertised as Joomla! running on Apache :) But I agree that sending an HTTP header for no reason is bad form. It should be the choice of the user if they want to advertise that their site is powered by Joomla!.
>
> Nicholas K. Dionysopoulos

> Email: nikosd...@gmail.com
> Blog:www.dionysopoulos.me/blog

[Janich Rasmussen]

It's joomla-specific yeah, but it's been there for a long time.

Removing it may not be the best solution, but we could deprecate it for a future removal.

How about deprecating it and make it obey the config MetaVersion variable?

[Davide Tampellini]

On Monday, May 20, 2013 11:08:45 AM UTC+2, Janich Rasmussen wrote:

How about deprecating it and make it obey the config MetaVersion variable?

+1 about that.
the sooner the better

[piotr_cz]

+1
Great idea.

[Сергей Мочалов]

+1

среда, 15 мая 2013 г., 21:37:52 UTC+4 пользователь Davide Tampellini написал:

[Nick Savov]

Someone report it as a bug and send a pull request for it ;)
http://docs.joomla.org/Filing_bugs_and_issues
http://docs.joomla.org/Git_for_Coders

Kind regards,
Nick


> +1
>
> �����, 15 ��� 2013 �., 21:37:52 UTC+4 ������������ Davide Tampellini
> �������:

>>
>>
>> X-Content-Encoded-By Joomla! 2.5
>>
>> I have a simple question: why?
>> Why I can't trigger it off as I do with the meta tag?
>> Moreover: why it's hard coded? In Joomla 3.1 it says 1.6 !!
>>
>

> --
> You received this message because you are subscribed to the Google Groups
> "Joomla! General Development" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to joomla-dev-gene...@googlegroups.com.
> To post to this group, send an email to
> joomla-de...@googlegroups.com.

[piotr_cz]

Pull Request:
https://github.com/joomla/joomla-cms/pull/1233

Issue Tracker:
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31080

I'm not sure about my wording about depreciation.

On May 24, 8:05 pm, "Nick Savov" <n...@iowawebcompany.com> wrote:
> Someone report it as a bug and send a pull request for it ;)http://docs.joomla.org/Filing_bugs_and_issueshttp://docs.joomla.org/Git_for_Coders

[Davide Tampellini]

Thank you!

[piotr_cz]

We need some testers to get this patch merged

[piotr_cz]

Hi all, it's merged now (header will show only if MetaVersion is set to on and compression is enabled)

Header is set as deprecated since Joomla 4.0

https://github.com/joomla/joomla-cms/pull/1233

[Donald Gilbert]

Great! 

--

You received this message because you are subscribed to the Google Groups "Joomla! General Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-gene...@googlegroups.com.
To post to this group, send an email to joomla-de...@googlegroups.com.

Visit this group at http://groups.google.com/group/joomla-dev-general.