Posted to dev@tomcat.apache.org by bu...@apache.org on 2015/12/14 19:09:36 UTC
[Bug 58735] New: Add support for X-XSS-Protection header
https://bz.apache.org/bugzilla/show_bug.cgi?id=58735
Bug ID: 58735
Summary: Add support for X-XSS-Protection header
Product: Tomcat 9
Version: 9.0.0.M1
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: jacopo.cappellato@gmail.com
Created attachment 33349
--> https://bz.apache.org/bugzilla/attachment.cgi?id=33349&action=edit
The patch that implements this feature.
Tomcat's HttpHeaderSecurityFilter allows setting useful security-related
headers, but it doesn't support the X-XSS-Protection header:
https://www.owasp.org/index.php/List_of_useful_HTTP_headers
The attached patch enhances the filter to support this header.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58735] Add support for X-XSS-Protection header
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58735
Ralf Hauser <ha...@acm.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hauser@acm.org
[Bug 58735] Add support for X-XSS-Protection header
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58735
Sergey <va...@live.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |vaysman@live.com
[Bug 58735] Add support for X-XSS-Protection header
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58735
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #3 from Mark Thomas <ma...@apache.org> ---
Patch applied to 9.0.x for 9.0.0.M2 onwards, 8.0.x for 8.0.31 onwards and 7.0.x
for 7.0.68 onwards.
Thanks for the patch.
[Bug 58735] Add support for X-XSS-Protection header
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58735
--- Comment #2 from Jacopo Cappellato <ja...@gmail.com> ---
Created attachment 33379
--> https://bz.apache.org/bugzilla/attachment.cgi?id=33379&action=edit
Updated patch with filter's documentation
[Bug 58735] Add support for X-XSS-Protection header
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58735
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Some documentation would be nice:
webapps/docs/config/filter.xml
[Bug 58735] Add support for X-XSS-Protection header
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58735
--- Comment #4 from Ralf Hauser <ha...@acm.org> ---
see also Bug 59754