From: Reed Loden Date: Mon, 21 Nov 2011 22:15:32 +0000 (-0800) Subject: Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking X-Git-Tag: bugzilla-4.3.1~198 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92308c08cfd6608383be7faf90318f620ed5f4dc;p=thirdparty%2Fbugzilla.git Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking [r=mkanat a=LpSolit] --- diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index e0e1c40ba3..9d8a1c48ff 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -306,6 +306,10 @@ sub header { unshift(@_, '-x_frame_options' => 'SAMEORIGIN'); } + # Add X-XSS-Protection header to prevent simple XSS attacks + # and enforce the blocking (rather than the rewriting) mode. + unshift(@_, '-x_xss_protection' => '1; mode=block'); + return $self->SUPER::header(@_) || ""; }
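Review bot: In the header() hunk of Bugzilla/CGI.pm, the new unshift(@_, '-x_xss_protection' => '1; mode=block') runs unconditionally on every response, while the '-x_frame_options' unshift just above it sits inside a block that closes before the added lines. If that is intentional, say so in the comment. If an installation may need to turn the header off or use the non-blocking mode, guard it the same way the frame-options header is guarded. The comment's wording "prevent simple XSS attacks" also overstates the effect: the header only asks browsers that implement an XSS filter to enable it in blocking mode, so something like "ask the browser's XSS filter to block the page rather than rewrite it" would be more accurate and would not suggest that it replaces output escaping. No test accompanies the change in this diff; a check that responses from header() carry "X-XSS-Protection: 1; mode=block" would pin the behaviour.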