Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking

author Reed Loden <reed@reedloden.com>

Wed, 12 Sep 2012 23:53:45 +0000 (16:53 -0700)

committer Reed Loden <reed@reedloden.com>

Wed, 12 Sep 2012 23:53:45 +0000 (16:53 -0700)
author Reed Loden <reed@reedloden.com>
Wed, 12 Sep 2012 23:53:45 +0000 (16:53 -0700)
committer Reed Loden <reed@reedloden.com>
Wed, 12 Sep 2012 23:53:45 +0000 (16:53 -0700)
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm

index a16ae6686573ccc288aebb6b5f949a977720174c..4dd223a3108aeabd1c546385bd6ab139356f67f0 100644 (file)
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -316,6 +316,10 @@ sub header {
          unshift(@_, '-x_frame_options' => 'SAMEORIGIN');
      }
  
+    # Add X-XSS-Protection header to prevent simple XSS attacks
+    # and enforce the blocking (rather than the rewriting) mode.
+    unshift(@_, '-x_xss_protection' => '1; mode=block');
+
      # Add X-Content-Type-Options header to prevent browsers sniffing
      # the MIME type away from the declared Content-Type.
      unshift(@_, '-x_content_type_options' => 'nosniff');
author	Reed Loden <reed@reedloden.com>
	Wed, 12 Sep 2012 23:53:45 +0000 (16:53 -0700)
committer	Reed Loden <reed@reedloden.com>
	Wed, 12 Sep 2012 23:53:45 +0000 (16:53 -0700)