author | Ed Tanous <edtanous@google.com> | 2023-06-15 03:11:47 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2023-06-29 18:49:24 +0300 |
commit | d8139c683a2f42c47ed913b731becc6cd681e2dd (patch) | |
tree | f0f628938a887351a41e03130331e02e39e2e95f /src | |
parent | 9dcfe8c1ca70f8ff260aa5613f787d5fa3e7c45d (diff) | |
download | bmcweb-d8139c683a2f42c47ed913b731becc6cd681e2dd.tar.xz |

Update to owasp headers

Change the Cache-Control header to what owasp recommends.

Remove the X-XSS-Protection. This has been removed from Chrome, and is
unimplemented in other browsers[1].

Add:

- X-Permitted-Cross-Domain-Policies
- Clear-Site-Data
- Cross-Origin-Embedder-Policy
- Cross-Origin-Opener-Policy
- Cross-Origin-Resource-Policy

And set them to the OWASP recommended values.

Tested: The OWASP Venom test suite now passes more tests.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

Change-Id: I2860041c1037f47bb85a6444cec66960d0aa55f9
Signed-off-by: Ed Tanous <edtanous@google.com>

Diffstat (limited to 'src')
0 files changed, 0 insertions, 0 deletions
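
A regression check for the header set named in the commit message above, as an added example that is not part of the bmcweb commit or its test suite. It checks only presence and absence, because the message does not list the header values; the function names and the sample responses are constructed for illustration.

```python
# Header names come from the commit message; values are not checked because
# the message does not state them.
REQUIRED = (
    "Cache-Control",
    "X-Permitted-Cross-Domain-Policies",
    "Clear-Site-Data",
    "Cross-Origin-Embedder-Policy",
    "Cross-Origin-Opener-Policy",
    "Cross-Origin-Resource-Policy",
)
REMOVED = ("X-XSS-Protection",)

# Constructed sample responses (values are placeholders, not the commit's).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Cache-Control: placeholder\r\n"
    "X-XSS-Protection: placeholder\r\n"
    "\r\n"
)
AFTER = "HTTP/1.1 200 OK\r\n" + "".join(
    f"{name.lower()}: placeholder\r\n" for name in REQUIRED
) + "\r\n"


def parse_headers(raw: str) -> dict:
    """Parse a raw response's header block into {lowercase name: [values]}."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip():
            # Header names are case-insensitive and may repeat.
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit(raw: str) -> dict:
    """Report required headers that are missing or empty, and removed ones still sent."""
    seen = parse_headers(raw)
    missing = [h for h in REQUIRED if not any(seen.get(h.lower(), []))]
    stale = [h for h in REMOVED if h.lower() in seen]
    return {"missing": missing, "stale": stale, "ok": not missing and not stale}


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw))
```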