Parameters: the version is exposed in http header only when configured

Currently the version is exposed in a 'Server' http headers.

This commit allows to parameterize it in the settings. By defaults it is
not exposed.

Fixes ether#3423

Author: Tristramg

settings.json.template

@@ -409,6 +409,13 @@
   */
 
   /*
+   * Expose Etherpad version in the Server http header.
+   *
+   * Do not enable on production machines.
+   */
+  "exposeVersion": false,
+
+    /*
    * The log level we are using.
    *
    * Valid values: DEBUG, INFO, WARN, ERROR

src/node/hooks/express.js

@@ -75,7 +75,12 @@ exports.restartServer = function () {
     // Stop IE going into compatability mode
     // https://github.com/ether/etherpad-lite/issues/2547
     res.header("X-UA-Compatible", "IE=Edge,chrome=1");
-    res.header("Server", serverName);
+
+    // send git version in the Server response header if exposeVersion is true.
+    if (settings.exposeVersion) {
+      res.header("Server", serverName);
+    }
+
     next();
   });
 

src/node/utils/Settings.js

@@ -291,6 +291,13 @@ exports.scrollWhenFocusLineIsOutOfViewport = {
   "scrollWhenCaretIsInTheLastLineOfViewport": false
 };
 
+/*
+ * Expose Etherpad version in the Server http header.
+ *
+ * Do not enable on production machines.
+ */
+exports.exposeVersion = false;
+
 // checks if abiword is avaiable
 exports.abiwordAvailable = function()
 {