paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-10-25 00:53:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

nginx: Set X-XSS-Protection: 1; mode=block.

Browse Source 
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
This commit is contained in:
Anders Kaseorg
2020-04-03 18:55:41 -07:00
committed by Tim Abbott
parent 79c215626e
commit 15d68c40dd
2 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
puppet/zulip/files/nginx/zulip-include-common/headers
View File

@@ -5,3 +5,4 @@ add_header Strict-Transport-Security max-age=15768000 always;
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

2
tools/ci/success-http-headers.txt
View File

@@ -10,6 +10,7 @@ WARNING: no certificate subject alternative name matches
Strict-Transport-Security: max-age=15768000
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Location: /login/ [following]
Reusing existing connection to localhost:443.
HTTP/1.1 200 OK
@@ -20,6 +21,7 @@ Reusing existing connection to localhost:443.
Strict-Transport-Security: max-age=15768000
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Length: 6361 (6.2K) [text/html]
Saving to: /tmp/index.html