[KNOX-1779] Add HTTP X-XSS-Protection response header support for WebAppSec Provider - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Critical
Resolution: Duplicate
Affects Version/s: None
Fix Version/s: 1.1.0
Component/s: Server
Labels:
- security

Flags:

Important
Docs Text:

Hide
The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

Syntax
X-XSS-Protection: 0
X-XSS-Protection: 1
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; report=<reporting-uri>

Read more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

Show
The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Syntax X-XSS-Protection: 0 X-XSS-Protection: 1 X-XSS-Protection: 1; mode=block X-XSS-Protection: 1; report=<reporting-uri> Read more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

Description

Support to add X-XSS-Protection HTTP response header in Knox's WebAppSec Provider enabling modern web browsers to detect and thwart Cross-site Scripting (XSS) attacks.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

Screenshot 2019-02-20 at 4.24.18 PM.png
20/Feb/19 10:58
174 kB
Krishna Pandey

Issue Links

duplicates

KNOX-1211 Admin UI XSS/XSRF Protection

Closed

relates to

KNOX-1788 Add HTTP X-XSS-Protection to WebAppSec provider config wizard

Resolved

Activity

People

Assignee:: Krishna Pandey

Reporter:: Krishna Pandey

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 19/Feb/19 05:43

Updated:: 28/Mar/19 14:05

Resolved:: 20/Feb/19 14:51

Time Tracking

Estimated:

168h

Remaining:

168h

Logged:

Not Specified