| author | Reed Loden <reed@reedloden.com> | 2012-09-13 01:53:45 +0200 |
|---|---|---|
| committer | Reed Loden <reed@reedloden.com> | 2012-09-13 01:53:45 +0200 |
| commit | 3645d207cfbd2596ba86ef83394894ee7ae24df7 (patch) | |
| tree | 365802129fce66f0bbfc148f150705be9bb034da | |
| parent | 2b9b23317e1f4857bbd3219d076fb6d94be8abe0 (diff) | |
| download | bugzilla-3645d207cfbd2596ba86ef83394894ee7ae24df7.tar.gz bugzilla-3645d207cfbd2596ba86ef83394894ee7ae24df7.tar.xz | |
Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking
[r=mkanat a=LpSolit]
-rw-r--r-- | Bugzilla/CGI.pm | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index a16ae6686..4dd223a31 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -316,6 +316,10 @@ sub header { unshift(@_, '-x_frame_options' => 'SAMEORIGIN'); } + # Add X-XSS-Protection header to prevent simple XSS attacks + # and enforce the blocking (rather than the rewriting) mode. + unshift(@_, '-x_xss_protection' => '1; mode=block'); + # Add X-Content-Type-Options header to prevent browsers sniffing # the MIME type away from the declared Content-Type. unshift(@_, '-x_content_type_options' => 'nosniff'); |
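Review bot: the comment above the new `unshift` overstates what the header does. `X-XSS-Protection: 1; mode=block` only switches on the browser's built-in reflected-XSS heuristic filter where the browser implements one, and `mode=block` makes that filter refuse to render the page instead of rewriting it; it does nothing against stored XSS, nothing in browsers without the filter, and is no substitute for template escaping. Suggest rewording to something like `# Enable the browser's reflected-XSS filter (where supported) as defence in depth,` `# in blocking rather than rewriting mode.` so the line is not read as a reason to relax output encoding. Minor: like the X-Frame-Options and X-Content-Type-Options lines around it, the value is unshifted unconditionally, so a caller passing its own `-x_xss_protection` ends up handing the parameter to `CGI::header` twice; if a page ever needs to opt out or change the value, check `@_` for an existing entry before adding it.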