From d6b474c0ae7b03bbe7601bf091c833933a426c34 Mon Sep 17 00:00:00 2001
From: Dave Lawrence
Date: Mon, 21 Nov 2011 17:53:13 -0500
Subject: Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking r=mkanat, approved for trunk=LpSolit
---
 Bugzilla/CGI.pm | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'Bugzilla/CGI.pm')
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index e0e1c40ba..9d8a1c48f 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -306,6 +306,10 @@ sub header {
 unshift(@_, '-x_frame_options' => 'SAMEORIGIN');
 }
 
+ # Add X-XSS-Protection header to prevent simple XSS attacks
+ # and enforce the blocking (rather than the rewriting) mode.
+ unshift(@_, '-x_xss_protection' => '1; mode=block');
+
 return $self->SUPER::header(@_) || "";
 }
 
-- 
cgit v1.2.3-24-g4f1b
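Review bot: The comment added above `unshift(@_, '-x_xss_protection' => '1; mode=block');` overstates what the header does. It only asks browsers that implement a reflected-XSS filter to block the page; it does nothing for stored or DOM-based XSS, and browsers without such a filter ignore it. I would reword it to `# Defence in depth only: turn on the browser's reflected-XSS filter in blocking mode.` followed by `# Output escaping in the templates remains the actual control.` so it is not read as a substitute for escaping. Unlike the X-Frame-Options line just above, which appears to sit inside a conditional whose test is outside this hunk, the new header is pushed onto every response, so it is worth confirming that is intended for attachments and non-HTML output as well. `sub header` begins before the hunk, so how callers' own arguments interact with the prepended pair cannot be checked from here.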