Closed Bug 1241814 Opened 8 years ago Closed 8 years ago

Add X-XSS-Protection: 1; mode=block to AMO

Categories

(Cloud Services :: Operations: AMO, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: scolville, Assigned: jason)

Details

As per the recommendation in https://github.com/mozilla/olympia/issues/995#issuecomment-173380022

Please can we add the "X-XSS-Protection: 1; mode=block" header for AMO.

The header is currently only supported by IE and Chrome/WebKit, but we may as well provide more layers for user-agents where supported.

Related info is here: https://www.veracode.co.uk/blog/2014/03/guidelines-for-setting-security-headers

As per our IRC conversation, we are going to look at django-secure instead of putting these in nginx, since it supports X-XSS-Protection: http://django-secure.readthedocs.org/en/v0.1.2/middleware.html#x-xss-protection-1-mode-block.
Assignee: nobody → jthomas
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
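The comment above points at the django-secure middleware for setting this header; as an added example (not code from AMO, django-secure or anyone on this bug), here is a framework-neutral sketch of what such middleware does, plus a parser a reviewer can run over captured response headers to confirm the deployed policy really is "1; mode=block". The header dict and function names are assumptions for illustration.

```python
# Added example: X-XSS-Protection middleware behaviour and a deployment check.
HEADER = "X-XSS-Protection"
BLOCK_POLICY = "1; mode=block"


def add_xss_protection(headers, policy=BLOCK_POLICY):
    """Return a copy of a response header dict with the policy applied.

    Mirrors middleware behaviour: a header the view set explicitly
    (e.g. a deliberate '0' to opt out) is left untouched.
    """
    out = dict(headers)
    if not any(k.lower() == HEADER.lower() for k in out):
        out[HEADER] = policy
    return out


def parse_xss_protection(value):
    """Parse a header value into {'enabled', 'mode', 'report'}.

    Raises ValueError on values a browser would not understand, so a
    deployment check fails loudly instead of silently passing.
    """
    parts = [p.strip() for p in value.split(";")]
    if parts[0] not in ("0", "1"):
        raise ValueError("X-XSS-Protection must start with 0 or 1: %r" % value)
    result = {"enabled": parts[0] == "1", "mode": None, "report": None}
    for directive in parts[1:]:
        if not directive:  # tolerate a trailing ';'
            continue
        key, _, val = directive.partition("=")
        key = key.strip().lower()
        if key == "mode" and val.strip().lower() == "block":
            result["mode"] = "block"
        elif key == "report" and val.strip():
            result["report"] = val.strip()
        else:
            raise ValueError("unknown X-XSS-Protection directive: %r" % directive)
    return result


def is_blocking(headers):
    """Deployment check: True only if the response carries '1; mode=block'."""
    for name, value in headers.items():
        if name.lower() == HEADER.lower():
            policy = parse_xss_protection(value)
            return policy["enabled"] and policy["mode"] == "block"
    return False
```

Current Chromium-based browsers no longer implement this header at all, so the check above only tells you the header is sent, not that any given client will act on it; a Content-Security-Policy header is the layer that still applies everywhere.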