You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Krishna Pandey (JIRA)" <ji...@apache.org> on 2019/02/20 11:03:00 UTC

[jira] [Comment Edited] (KNOX-1779) Add HTTP X-XSS-Protection response header support for WebAppSec Provider

    [ https://issues.apache.org/jira/browse/KNOX-1779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16772898#comment-16772898 ] 

Krishna Pandey edited comment on KNOX-1779 at 2/20/19 11:02 AM:
----------------------------------------------------------------

[~krisden] As I started working on this issue, I realized that this header already exists in functionality but is missing in documentation.

We can enable this by adding below in WebAppSec provider.
{code:java}
<param>
      <name>xss.protection.enabled</name>
      <value>true</value>
</param>{code}
 

See sample HTTP Response below with X-XSS-Protection Response Header set.

!Screenshot 2019-02-20 at 4.24.18 PM.png|height=80%,width=80%!


was (Author: kpandey):
[~krisden] As I started working on this issue, I realized that this header already exists in functionality but is missing in documentation.

We can enable this by adding below in WebAppSec provider.
{code:java}
<param>
      <name>xss.protection.enabled</name>
      <value>true</value>
</param>{code}
 

See sample HTTP Response below with X-XSS-Protection Response Header set.

!Screenshot 2019-02-20 at 4.24.18 PM.png!

> Add HTTP X-XSS-Protection response header support for WebAppSec Provider
> ------------------------------------------------------------------------
>
>                 Key: KNOX-1779
>                 URL: https://issues.apache.org/jira/browse/KNOX-1779
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 1.2.0
>            Reporter: Krishna Pandey
>            Assignee: Krishna Pandey
>            Priority: Critical
>              Labels: security
>             Fix For: 1.3.0
>
>         Attachments: Screenshot 2019-02-20 at 4.24.18 PM.png
>
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> Support to add X-XSS-Protection HTTP response header in Knox's WebAppSec Provider enabling modern web browsers to detect and thwart Cross-site Scripting (XSS) attacks.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)