mirror of synced 2026-05-22 21:33:16 +00:00

Add X-Xss-Protection headerValue to XML config

Issue gh-9631
Daniel Garnier-Moiroux
2022-10-03 15:45:17 +02:00
committed by Steve Riesenberg
parent 039e0328e1
commit 0e215a21ad
11 changed files with 281 additions and 0 deletions
@@ -578,6 +578,12 @@ This indicates to the browser that the page should not be loaded at all.
When false and xss-protection-enabled is true, the page will still be rendered when an reflected attack is detected but the response will be modified to protect against the attack.
Note that there are sometimes ways of bypassing this mode which can often times make blocking the page more desirable.
[[nsa-xss-protection-header-value]]
* **xss-protection-header-value**
Explicitly set the value for https://en.wikipedia.org/wiki/Cross-site_scripting#Non-Persistent[reflected / Type-1 Cross-Site Scripting (XSS)] header.
One of: "0", "1", "1; mode=block".
When set, overrides both enabled and block attributes.
[[nsa-xss-protection-parents]]
=== Parent Elements of <xss-protection>
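Review bot: In the new xss-protection-header-value entry, "overrides both enabled and block attributes" names the attributes only loosely, while the context line just above spells out xss-protection-enabled; use the full attribute names so readers can cross-reference them. The first sentence also never names the header being set (the commit title calls it X-Xss-Protection), and the entry does not say what is sent when the attribute is omitted or what happens when a value other than "0", "1" or "1; mode=block" is supplied. A sentence covering each of those would make the entry self-contained.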