A few days ago, I discovered that Mojolicious::Plugin::PoweredBy is
enabled by default, and adds an "X-Powered-By: Mojolicious (Perl)"
header to all HTTP responses. Although I can change the value of the
header, there is no way to suppress it (e.g. by setting the value to
undef). Since X-headers are meant for private experiments, and should
not be exposed to the Internet (never mind how many people do it
anyway), I thought this was poor behaviour.
The solution was to bundle an empty PoweredBy plugin with my app:
package Mojolicious::Plugin::PoweredBy;
use base 'Mojolicious::Plugin';
sub register {
}
1;
I brought this up in #mojo on IRC, suggesting tactfully that the plugin
should either not be enabled by default, or be easier to disable (when
what I really wanted was to suggest it be removed entirely). The Mojo
author disagreed, and said that nobody would enable it if it wasn't
enabled by default (which is quite true, and to me suggests that it
should not exist at all), and that it was "advertising" for Mojo.
It may be advertising, but I'm not sure it sends the right message.