diff options
author | Dave Lawrence <dlawrence@mozilla.com> | 2011-11-21 23:53:13 +0100 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2011-11-21 23:53:13 +0100 |
commit | d6b474c0ae7b03bbe7601bf091c833933a426c34 (patch) | |
tree | f49ae6da9cfa32643000cc56a6b78af217d7f524 | |
parent | 355f4c5d48d49bc0ab3f462ebce8ca5178ef380f (diff) | |
download | bugzilla-d6b474c0ae7b03bbe7601bf091c833933a426c34.tar.gz bugzilla-d6b474c0ae7b03bbe7601bf091c833933a426c34.tar.xz |
Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking
r=mkanat, approved for trunk=LpSolit
-rw-r--r-- | Bugzilla/CGI.pm | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index e0e1c40ba..9d8a1c48f 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -306,6 +306,10 @@ sub header { unshift(@_, '-x_frame_options' => 'SAMEORIGIN'); } + # Add X-XSS-Protection header to prevent simple XSS attacks + # and enforce the blocking (rather than the rewriting) mode. + unshift(@_, '-x_xss_protection' => '1; mode=block'); + return $self->SUPER::header(@_) || ""; } |