aboutsummaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorReed Loden <reed@reedloden.com>2011-11-21 14:15:32 -0800
committerReed Loden <reed@reedloden.com>2011-11-21 14:15:32 -0800
commit92308c08cfd6608383be7faf90318f620ed5f4dc (patch)
treedec5b16ea25e70a537e33d152160bb68752d9edb /Bugzilla
parent2e19756821f33549ea0bb729b1826145ba0a4a67 (diff)
downloadbugs-92308c08cfd6608383be7faf90318f620ed5f4dc.tar
bugs-92308c08cfd6608383be7faf90318f620ed5f4dc.tar.gz
bugs-92308c08cfd6608383be7faf90318f620ed5f4dc.tar.bz2
bugs-92308c08cfd6608383be7faf90318f620ed5f4dc.tar.xz
bugs-92308c08cfd6608383be7faf90318f620ed5f4dc.zip
Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking
[r=mkanat a=LpSolit]
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/CGI.pm4
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index e0e1c40ba..9d8a1c48f 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -306,6 +306,10 @@ sub header {
unshift(@_, '-x_frame_options' => 'SAMEORIGIN');
}
+ # Add X-XSS-Protection header to prevent simple XSS attacks
+ # and enforce the blocking (rather than the rewriting) mode.
+ unshift(@_, '-x_xss_protection' => '1; mode=block');
+
return $self->SUPER::header(@_) || "";
}