Search code examples
rubyruby-grape

Grape - How do I remove headers from response?


I want to remove some headers that my webserver injects into the header response but provides no ability to remove

I only see helper functions to add headers, but no way to remove them in Grape and I cant seem to find the variable where headers are contained

I specifically want to strip out X-Powered-By which gets injected by my Passenger server, passenger only seems to provide the ability to remove the version number but not the ability to remove it completely... which seems insecure...

i'd like to do this in my before block

before do
  ## I see i can easily add headers, but not remove
  header 'X-Robots-Tag', 'noindex'
  
  ## how do I remove headers here?
  ## ...
end

## ... some routes
get '/' do
  ## ...
end

Many libraries provide the ability to remove headers, for instance:

ExpressJS
app.use(function (req, res, next) {
  res.header('Pragma', 'no-cache');
  res.removeHeader('Pragma');
  next();
});
Rails
response.headers['Connection'] = 'Closed'
remove_keys = %w(X-Runtime Cache-Control Server Etag Set-Cookie)
response.headers.delete_if{|key| remove_keys.include? key}

Solution

  • While a bit awkward in my opinion the Docs do show you can delete a header by just passing the key and not the value (or passing the value as nil)

    For your Example:

    before do
      ## I see i can easily add headers, but not remove
      header 'X-Robots-Tag', 'noindex'
      
      ## how do I remove headers here?
      header 'X-Powered-By'
    end
    

    I guess the concept is that a header set to a non value is not really a header at all.