Closed
Bug 1241814
Opened 9 years ago
Closed 9 years ago
Add X-XSS-Protection: 1; mode=block to AMO
Categories
(Cloud Services :: Operations: AMO, task)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: muffinresearch, Assigned: jason)
Details
As per the recommendation in https://github.com/mozilla/olympia/issues/995#issuecomment-173380022
Please can we add the "X-XSS-Protection: 1; mode=block" header for AMO.
The header is currently only supported by IE and Chrome/WebKit, but we may as well provide more layers for user-agents where supported.
Related info is here: https://www.veracode.co.uk/blog/2014/03/guidelines-for-setting-security-headers
Comment 1 (Assignee) • 9 years ago
As per our IRC conversation, we are going to look at django-secure instead of putting these in nginx, since it supports X-XSS-Protection: http://django-secure.readthedocs.org/en/v0.1.2/middleware.html#x-xss-protection-1-mode-block
Assignee: nobody → jthomas
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
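
The application-layer approach discussed in comment 1, as an added example that is not django-secure's code and not part of the original bug: a small WSGI middleware that appends the header when a response lacks it, plus a helper that audits response headers for the `1; mode=block` policy. The names `XSSProtectionMiddleware`, `parse_xss_protection`, `audit` and `call_app` are hypothetical.

```python
# Added illustration; all names here are hypothetical, not django-secure's API.
HEADER = "X-XSS-Protection"
VALUE = "1; mode=block"

class XSSProtectionMiddleware:
    """WSGI middleware that sets X-XSS-Protection on responses lacking it."""

    def __init__(self, app, value=VALUE):
        self.app = app
        self.value = value

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            # Header names are case-insensitive; keep any value the app set itself.
            if not any(name.lower() == HEADER.lower() for name, _ in headers):
                headers = list(headers) + [(HEADER, self.value)]
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start)

def parse_xss_protection(value):
    """Parse a header value into its enabled flag and mode/report directives."""
    parts = [p.strip() for p in value.split(";")]
    result = {"enabled": parts[0] == "1", "mode": None, "report": None}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        key = key.strip().lower()
        if key in ("mode", "report"):
            result[key] = val.strip()
    return result

def audit(headers):
    """Return True only if the headers carry the filter enabled in block mode."""
    for name, value in headers:
        if name.lower() == HEADER.lower():
            parsed = parse_xss_protection(value)
            return parsed["enabled"] and parsed["mode"] == "block"
    return False

def call_app(app):
    """Drive a WSGI app once with a constructed request; return response headers."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["headers"] = headers
    list(app({"REQUEST_METHOD": "GET", "PATH_INFO": "/"}, start_response))
    return captured["headers"]
```

`audit(call_app(XSSProtectionMiddleware(app)))` works as a regression check that the header survives whichever layer ends up setting it.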
Comment 2 (Reporter) • 9 years ago