From c98de7af2f6328468ae3303a9320d19c1649a9ab Mon Sep 17 00:00:00 2001
From: Steve Riesenberg
Date: Mon, 3 Oct 2022 14:31:04 -0500
Subject: [PATCH] Add xss-protection.header-value in 6.0

Issue gh-9631
---
 .../security/config/spring-security-6.0.rnc | 3 +++
 .../security/config/spring-security-6.0.xsd | 14 ++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-6.0.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-6.0.rnc
index 038971e556..047a52c3f8 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-6.0.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-6.0.rnc
@@ -1270,6 +1270,9 @@ xss-protection.attlist &=
 xss-protection.attlist &=
 ## Add mode=block to the header or not, default is on.
 attribute block {xsd:boolean}?
+xss-protection.attlist &=
+ ## Specify the value for the X-Xss-Protection header. When set, overrides both enabled and block attributes.
+ attribute header-value {"0"|"1"|"1; mode=block"}?
 content-type-options =
 ## Add a X-Content-Type-Options header to the resopnse. Value is always 'nosniff'.
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-6.0.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-6.0.xsd
index acccfe1410..6d26042745 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-6.0.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-6.0.xsd
@@ -3559,6 +3559,20 @@ + + + Specify the value for the X-Xss-Protection header. When set, overrides both enabled and + block attributes. + + + + + + + + + +
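Review bot: The documentation comment on the new `header-value` attribute in the `xss-protection.attlist` hunk does not say which of the three values to choose or what is sent when the attribute is absent. The browser XSS filter that `1` and `1; mode=block` switch on has been removed from current browsers and was itself a source of information leaks in older ones, so the comment could point readers to `0` combined with a Content-Security-Policy, for example `## Specify the value for the X-XSS-Protection header ("0" disables the legacy browser XSS filter and is the recommended value). When set, overrides both enabled and block attributes.` The schema also accepts `header-value` together with `enabled` or `block` and documents a silent override; whether the parser reports such a conflicting combination is not visible in this patch and is worth confirming. The same wording would apply to the mirrored documentation text in the `.xsd` hunk.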