Update default X-XSS-Protection value to 0 (#479)
This PR updates the default value of the `X-XSS-Protection` header to 0. There's further discussion here about the reasons for this: https://github.com/github/secure_headers/issues/439.

## All PRs:

* [x] Has tests
* [x] Documentation updated

Closes https://github.com/github/secure_headers/issues/439
Parent: b122c2fa39
Commit: cf56fc9182
|
@ -105,7 +105,7 @@ X-Content-Type-Options: nosniff
|
|||
X-Download-Options: noopen
|
||||
X-Frame-Options: sameorigin
|
||||
X-Permitted-Cross-Domain-Policies: none
|
||||
X-Xss-Protection: 1; mode=block
|
||||
X-Xss-Protection: 0
|
||||
```
|
||||
|
||||
## API configurations
|
||||
|
|
|
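Review bot: The README's sample header list now shows `X-Xss-Protection: 0` with no explanation next to it, so a reader comparing this list with older output or with other guides that recommend `1; mode=block` has no way to tell the change is deliberate. Add a sentence beside the list saying that the default disables the browser's XSS filter on purpose, link the discussion in https://github.com/github/secure_headers/issues/439, and state that applications which still want the previous value have to set it explicitly.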
@ -3,7 +3,7 @@ module SecureHeaders
|
|||
class XXssProtectionConfigError < StandardError; end
|
||||
class XXssProtection
|
||||
HEADER_NAME = "X-XSS-Protection".freeze
|
||||
DEFAULT_VALUE = "1; mode=block"
|
||||
DEFAULT_VALUE = "0".freeze
|
||||
VALID_X_XSS_HEADER = /\A[01](; mode=block)?(; report=.*)?\z/
|
||||
|
||||
class << self
|
||||
|
|
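Review bot: Changing `DEFAULT_VALUE` to `"0".freeze` alters the emitted header for every application that relies on the default rather than setting a value, and nothing in this hunk signals that to someone upgrading. Add a changelog or upgrade note for it, and make sure a spec asserts the new default so a later edit cannot silently revert it. Separately, the unchanged `VALID_X_XSS_HEADER` in the context lines still accepts `0; mode=block` and `0; report=...`, where the extra directives sit on a disabled filter; with `0` as the default it is worth deciding whether the pattern should reject those combinations.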