You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Krishna Pandey (JIRA)" <ji...@apache.org> on 2019/02/20 11:03:00 UTC
[jira] [Comment Edited] (KNOX-1779) Add HTTP X-XSS-Protection
response header support for WebAppSec Provider
[ https://issues.apache.org/jira/browse/KNOX-1779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16772898#comment-16772898 ]
Krishna Pandey edited comment on KNOX-1779 at 2/20/19 11:02 AM:
----------------------------------------------------------------
[~krisden] As I started working on this issue, I realized that this header already exists in functionality but is missing in documentation.
We can enable this by adding below in WebAppSec provider.
{code:java}
<param>
<name>xss.protection.enabled</name>
<value>true</value>
</param>{code}
See sample HTTP Response below with X-XSS-Protection Response Header set.
!Screenshot 2019-02-20 at 4.24.18 PM.png|height=80%,width=80%!
was (Author: kpandey):
[~krisden] As I started working on this issue, I realized that this header already exists in functionality but is missing in documentation.
We can enable this by adding below in WebAppSec provider.
{code:java}
<param>
<name>xss.protection.enabled</name>
<value>true</value>
</param>{code}
See sample HTTP Response below with X-XSS-Protection Response Header set.
!Screenshot 2019-02-20 at 4.24.18 PM.png!
> Add HTTP X-XSS-Protection response header support for WebAppSec Provider
> ------------------------------------------------------------------------
>
> Key: KNOX-1779
> URL: https://issues.apache.org/jira/browse/KNOX-1779
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.2.0
> Reporter: Krishna Pandey
> Assignee: Krishna Pandey
> Priority: Critical
> Labels: security
> Fix For: 1.3.0
>
> Attachments: Screenshot 2019-02-20 at 4.24.18 PM.png
>
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> Support to add X-XSS-Protection HTTP response header in Knox's WebAppSec Provider enabling modern web browsers to detect and thwart Cross-site Scripting (XSS) attacks.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)