fix werkzeug server header

app/__init__.py

@@ -292,7 +292,6 @@ def init_app(app):
         response.headers.add("Cross-Origin-Embedder-Policy", "require-corp")
         response.headers.add("Cross-Origin-Resource-Policy", "same-origin")
         response.headers.add("Cross-Origin-Opener-Policy", "same-origin")
-        response.headers.pop("Server", None)
 
         return response
 

application.py

@@ -2,9 +2,12 @@
 from __future__ import print_function
 
 from flask import Flask
+from werkzeug.serving import WSGIRequestHandler
 
 from app import create_app
 
+WSGIRequestHandler.version_string = lambda self: "SecureServer"
+
 application = Flask("app")
 
 create_app(application)

gunicorn_config.py

@@ -32,24 +32,6 @@ def worker_int(worker):
     worker.log.info("worker: received SIGINT {}".format(worker.pid))
 
 
-# fix dynamic scan warning 10036
-def post_fork(server, worker):
-    server.cfg.set(
-        "secure_scheme_headers",
-        {
-            "X-FORWARDED-PROTO": "https",
-        },
-    )
-    original_send = worker.wsgi.send
-
-    def custom_send(self, resp, *args, **kwargs):
-        resp.headers.pop("Server", None)
-        print(f"HEADERS!!!!!!!! {resp.headers}")
-        return original_send(resp, *args, **kwargs)
-
-    worker.wsgi.send = custom_send.__get__(worker.wsgi, type(worker.wsgi))
-
-
 def fix_ssl_monkeypatching():
     """
     eventlet works by monkey-patching core IO libraries (such as ssl) to be non-blocking. However, there's currently

notifications_utils/request_helper.py

@@ -95,7 +95,7 @@ class ResponseHeaderMiddleware(object):
                 if found_a_text_yaml:
                     headers.append(("Content-Type", "text/plain"))
 
-                print(headers)
+                print(f"MIDDLEWARE HEADERS {headers}")
                 return start_response(status, headers, exc_info)
 
             return self._app(environ, rewrite_response_headers)

scripts/migrate_and_run_web.sh

@@ -4,4 +4,4 @@ if [[ $CF_INSTANCE_INDEX -eq 0 ]]; then
   flask db upgrade
 fi
 
-exec newrelic-admin run-program gunicorn -c ${HOME}/gunicorn_config.py application
+exec newrelic-admin run-program gunicorn -c ${HOME}/gunicorn_config.py --no-sendfile application