Removing the “Date” http response header on IIS 7+

Posted by 孤街醉人 on 2019-12-07 05:23:59

Question


I am developing an ASP.NET Web API application which responds to the clients with a custom datetime http header. While I have read several articles describing how to remove response headers from ASP.NET/IIS, this one always seems to be resilient, I can't get rid of it. It seems to be placed in the response pipeline somewhere out of the programmer's/administrator's control, at the very end.

I know it may be a bad practice not to include the "Date" header in the response but, as I mentioned, the custom datetime header (which is in ticks instead of a string representation) makes the default one redundant; furthermore, this is a private API, so I know exactly who uses it and how.

Is it thus possible in any way to remove this header in IIS (v7+) for a specific site (or directly from the Web API application)?

Edit:
I tried (without success) the following techniques:

  • Creating a custom handler to remove the header right from the Web API project
  • Registering a custom IHttpModule
  • Explicit removal of headers in web.config in <httpProtocol><customHeaders> section
  • Remove HTTP response headers in IIS Manager
  • Header removal code in protected void Application_PreSendRequestHeaders(object sender, EventArgs e) method in Global.asax.cs

Answer 1:


According to the HTTP spec, the Date header is mandatory, except for these conditions, which I don't think apply to your case:

Origin servers MUST include a Date header field in all responses, except in these cases:

  1. If the response status code is 100 (Continue) or 101 (Switching
     Protocols), the response MAY include a Date header field, at
     the server's option.
  2. If the response status code conveys a server error, e.g. 500
     (Internal Server Error) or 503 (Service Unavailable), and it is
     inconvenient or impossible to generate a valid Date.
  3. If the server does not have a clock that can provide a
     reasonable approximation of the current time, its responses
     MUST NOT include a Date header field. In this case, the rules
     in section 14.18.1 MUST be followed.
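
The rule quoted above can be turned into a check over captured response heads, for confirming what a server actually emits after a header-removal change. This is an added example, not part of the original answer; the `X-Ticks` header name and all sample responses are constructed.

```python
from email.utils import parsedate_to_datetime

# Constructed sample response heads, not captured from a real server.
# "X-Ticks" is a hypothetical name for the custom ticks header.
SAMPLES = {
    "ok_with_date": b"HTTP/1.1 200 OK\r\nDate: Sat, 07 Dec 2019 05:23:59 GMT\r\n"
                    b"X-Ticks: 637112858390000000\r\n\r\n",
    "ok_no_date": b"HTTP/1.1 200 OK\r\nX-Ticks: 637112858390000000\r\n\r\n",
    "continue_no_date": b"HTTP/1.1 100 Continue\r\n\r\n",
    "error_no_date": b"HTTP/1.1 503 Service Unavailable\r\nRetry-After: 30\r\n\r\n",
    "bad_date": b"HTTP/1.1 200 OK\r\nDate: 637112858390000000\r\n\r\n",
}


def parse_head(raw: bytes):
    """Split a raw response head into (status_code, {lowercased-name: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def date_verdict(raw: bytes, server_has_clock: bool = True) -> str:
    """Classify one response against the Date rule quoted in the answer."""
    status, headers = parse_head(raw)
    if "date" in headers:
        try:
            parsedate_to_datetime(headers["date"])  # rejects non-date values
        except (TypeError, ValueError):
            return "present-malformed"
        # Exception 3: a server without a usable clock MUST NOT send Date.
        return "present-valid" if server_has_clock else "present-without-clock"
    # Exceptions 1 and 2. Whether generating a Date was "inconvenient or
    # impossible" cannot be observed from outside, so any 5xx is allowed here.
    if status in (100, 101) or 500 <= status <= 599 or not server_has_clock:
        return "missing-allowed"
    return "missing-violation"


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:18} {date_verdict(raw)}")
```
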



Answer 2:


This is not going to be possible from within the actual WebApi/Mvc pipeline, so options like action filters and delegating handlers are out.

Instead you will probably need to implement a custom IHttpModule and register it inside IIS. There is an article here you should read and follow. The approach is very simple and easy to adapt.

Just replace the set in that example with:

HttpContext.Current.Response.Headers.Remove("Date");


Source: https://stackoverflow.com/questions/14476472/removing-the-date-http-response-header-on-iis-7
