Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '5.8.x'

Browse Source
This commit is contained in:
Steve Riesenberg
2022-10-03 14:29:51 -05:00
parent ad2abd39dc 0e215a21ad
commit 7c3cc1e386
11 changed files with 281 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/modules/ROOT/pages/servlet/appendix/namespace/http.adoc
+6
View File
@@ -577,6 +577,12 @@ This indicates to the browser that the page should not be loaded at all.
When false and xss-protection-enabled is true, the page will still be rendered when an reflected attack is detected but the response will be modified to protect against the attack.
Note that there are sometimes ways of bypassing this mode which can often times make blocking the page more desirable.
[[nsa-xss-protection-header-value]]
* **xss-protection-header-value**
Explicitly set the value for https://en.wikipedia.org/wiki/Cross-site_scripting#Non-Persistent[reflected / Type-1 Cross-Site Scripting (XSS)] header.
One of: "0", "1", "1; mode=block".
When set, overrides both enabled and block attributes.
[[nsa-xss-protection-parents]]
=== Parent Elements of <xss-protection>