author | Reed Loden <reed@reedloden.com> | 2011-11-21 14:15:32 -0800 |
---|---|---|
committer | Reed Loden <reed@reedloden.com> | 2011-11-21 14:15:32 -0800 |
commit | 92308c08cfd6608383be7faf90318f620ed5f4dc (patch) | |
tree | dec5b16ea25e70a537e33d152160bb68752d9edb /Bugzilla | |
parent | 2e19756821f33549ea0bb729b1826145ba0a4a67 (diff) | |
Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking
[r=mkanat a=LpSolit]
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/CGI.pm | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index e0e1c40ba..9d8a1c48f 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -306,6 +306,10 @@ sub header { unshift(@_, '-x_frame_options' => 'SAMEORIGIN'); } + # Add X-XSS-Protection header to prevent simple XSS attacks + # and enforce the blocking (rather than the rewriting) mode. + unshift(@_, '-x_xss_protection' => '1; mode=block'); + return $self->SUPER::header(@_) || ""; } |
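Review bot: The comment above the new `unshift(@_, '-x_xss_protection' => '1; mode=block');` line in `sub header` overstates what the header does. "Prevent simple XSS attacks" reads as if the server is doing the prevention, but the header only tells browsers that ship a reflected-XSS filter to turn it on and to block the page rather than rewrite it. Suggest rewording the comment to say this is a browser-side, defense-in-depth measure and that output escaping remains the actual fix. Second point on the same line: the `-x_frame_options` unshift directly above sits inside a conditional block, while this one is added unconditionally to every response. If there is deliberately no way for a caller to opt out, say so in the comment; otherwise consider giving it the same kind of guard.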