GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

Properly structure X-XSS-Protection header

Browse Source
This commit is contained in:
Evan Prodromou 2011-08-05 10:42:18 -04:00
parent e274ec4900
commit 0502e1d737
1 changed files with 1 additions and 1 deletions

2
lib/htmloutputter.php

@ -111,7 +111,7 @@ class HTMLOutputter extends XMLOutputter
// Output anti-framing headers to prevent clickjacking (respected by newer // Output anti-framing headers to prevent clickjacking (respected by newer
// browsers). // browsers).
if (common_config('javascript', 'bustframes')) { if (common_config('javascript', 'bustframes')) {
header('X-XSS-Protection 1; mode=block'); // detect XSS Reflection attacks header('X-XSS-Protection: 1; mode=block'); // detect XSS Reflection attacks
header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch
} }