From 92308c08cfd6608383be7faf90318f620ed5f4dc Mon Sep 17 00:00:00 2001 From: Reed Loden Date: Mon, 21 Nov 2011 14:15:32 -0800 Subject: Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking [r=mkanat a=LpSolit] --- Bugzilla/CGI.pm | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'Bugzilla') diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index e0e1c40ba..9d8a1c48f 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -306,6 +306,10 @@ sub header { unshift(@_, '-x_frame_options' => 'SAMEORIGIN'); } + # Add X-XSS-Protection header to prevent simple XSS attacks + # and enforce the blocking (rather than the rewriting) mode. + unshift(@_, '-x_xss_protection' => '1; mode=block'); + return $self->SUPER::header(@_) || ""; } -- cgit v1.2.3-24-g4f1b