summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorReed Loden <reed@reedloden.com>2012-09-13 01:53:45 +0200
committerReed Loden <reed@reedloden.com>2012-09-13 01:53:45 +0200
commit3645d207cfbd2596ba86ef83394894ee7ae24df7 (patch)
tree365802129fce66f0bbfc148f150705be9bb034da
parent2b9b23317e1f4857bbd3219d076fb6d94be8abe0 (diff)
downloadbugzilla-3645d207cfbd2596ba86ef83394894ee7ae24df7.tar.gz
bugzilla-3645d207cfbd2596ba86ef83394894ee7ae24df7.tar.xz
Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking
[r=mkanat a=LpSolit]
-rw-r--r--Bugzilla/CGI.pm4
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index a16ae6686..4dd223a31 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -316,6 +316,10 @@ sub header {
unshift(@_, '-x_frame_options' => 'SAMEORIGIN');
}
+ # Add X-XSS-Protection header to prevent simple XSS attacks
+ # and enforce the blocking (rather than the rewriting) mode.
+ unshift(@_, '-x_xss_protection' => '1; mode=block');
+
# Add X-Content-Type-Options header to prevent browsers sniffing
# the MIME type away from the declared Content-Type.
unshift(@_, '-x_content_type_options' => 'nosniff');