From 52cf5b5ec334c13675e6132c79fc09367a48d21c Mon Sep 17 00:00:00 2001 From: Shannon Date: Thu, 4 Jun 2015 10:51:15 +0200 Subject: [PATCH] Changes header modification to PostReleaseRequestState --- src/Umbraco.Web/UmbracoModule.cs | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/src/Umbraco.Web/UmbracoModule.cs b/src/Umbraco.Web/UmbracoModule.cs index 6efe4d4d6a..0c0b7eebc3 100644 --- a/src/Umbraco.Web/UmbracoModule.cs +++ b/src/Umbraco.Web/UmbracoModule.cs @@ -596,21 +596,26 @@ namespace Umbraco.Web var httpContext = ((HttpApplication)sender).Context; LogHelper.Debug("Begin request: {0}.", () => httpContext.Request.Url); BeginRequest(new HttpContextWrapper(httpContext)); - - //disable asp.net headers (security) - try - { - httpContext.Response.Headers.Remove("Server"); - //this doesn't normally work since IIS sets it but we'll keep it here anyways. - httpContext.Response.Headers.Remove("X-Powered-By"); - } - catch (PlatformNotSupportedException ex) - { - // can't remove headers this way on IIS6 or cassini. - } - }; + //disable asp.net headers (security) + // This is the correct place to modify headers according to MS: + // https://our.umbraco.org/forum/umbraco-7/using-umbraco-7/65241-Heap-error-from-header-manipulation?p=0#comment220889 + app.PostReleaseRequestState += (sender, args) => + { + var httpContext = ((HttpApplication)sender).Context; + try + { + httpContext.Response.Headers.Remove("Server"); + //this doesn't normally work since IIS sets it but we'll keep it here anyways. + httpContext.Response.Headers.Remove("X-Powered-By"); + } + catch (PlatformNotSupportedException ex) + { + // can't remove headers this way on IIS6 or cassini. + } + }; + app.AuthenticateRequest += AuthenticateRequest; app.PostResolveRequestCache += (sender, e) =>