GNUsocial
/
gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

Properly structure X-XSS-Protection header

This commit is contained in:
Evan Prodromou 2011-08-05 10:42:18 -04:00
parent e274ec4900
commit 0502e1d737
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/htmloutputter.php
View File

@ -111,7 +111,7 @@ class HTMLOutputter extends XMLOutputter
// Output anti-framing headers to prevent clickjacking (respected by newer
// browsers).
if (common_config('javascript', 'bustframes')) {
header('X-XSS-Protection 1; mode=block'); // detect XSS Reflection attacks
header('X-XSS-Protection: 1; mode=block'); // detect XSS Reflection attacks
header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch
}