forked from GNUsocial/gnu-social
Properly structure X-XSS-Protection header
This commit is contained in:
parent
e274ec4900
commit
0502e1d737
@ -111,7 +111,7 @@ class HTMLOutputter extends XMLOutputter
|
||||
// Output anti-framing headers to prevent clickjacking (respected by newer
|
||||
// browsers).
|
||||
if (common_config('javascript', 'bustframes')) {
|
||||
header('X-XSS-Protection 1; mode=block'); // detect XSS Reflection attacks
|
||||
header('X-XSS-Protection: 1; mode=block'); // detect XSS Reflection attacks
|
||||
header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user