Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking

author Reed Loden <reed@reedloden.com>

Mon, 21 Nov 2011 22:15:32 +0000 (14:15 -0800)

committer Reed Loden <reed@reedloden.com>

Mon, 21 Nov 2011 22:15:32 +0000 (14:15 -0800)
author Reed Loden <reed@reedloden.com>
Mon, 21 Nov 2011 22:15:32 +0000 (14:15 -0800)
committer Reed Loden <reed@reedloden.com>
Mon, 21 Nov 2011 22:15:32 +0000 (14:15 -0800)
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm

index e0e1c40ba33ec8017d246f10ce471410cf12807a..9d8a1c48ffc0955b9c2081f0228e569cd0f6f3fe 100644 (file)
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -306,6 +306,10 @@ sub header {
          unshift(@_, '-x_frame_options' => 'SAMEORIGIN');
      }
  
+    # Add X-XSS-Protection header to prevent simple XSS attacks
+    # and enforce the blocking (rather than the rewriting) mode.
+    unshift(@_, '-x_xss_protection' => '1; mode=block');
+
      return $self->SUPER::header(@_) || "";
  }
author	Reed Loden <reed@reedloden.com>
	Mon, 21 Nov 2011 22:15:32 +0000 (14:15 -0800)
committer	Reed Loden <reed@reedloden.com>
	Mon, 21 Nov 2011 22:15:32 +0000 (14:15 -0800)