author: Ed Tanous <edtanous@google.com> 2023-06-15 03:11:47 +0300
committer: Ed Tanous <ed@tanous.net> 2023-06-29 18:49:24 +0300
commit: d8139c683a2f42c47ed913b731becc6cd681e2dd (patch)
tree: f0f628938a887351a41e03130331e02e39e2e95f /src
parent: 9dcfe8c1ca70f8ff260aa5613f787d5fa3e7c45d (diff)
download: bmcweb-d8139c683a2f42c47ed913b731becc6cd681e2dd.tar.xz
Update to owasp headers

Change the Cache-Control header to what owasp recommends.

Remove the X-XSS-Protection. This has been removed from Chrome, and is
unimplemented in other browsers[1].

Add:
X-Permitted-Cross-Domain-Policies
Clear-Site-Data
Cross-Origin-Embedder-Policy
Cross-Origin-Opener-Policy
Cross-Origin-Resource-Policy

And set them to the OWASP recommended values.

Tested:
The OWASP Venom test suite now passes more tests.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

Change-Id: I2860041c1037f47bb85a6444cec66960d0aa55f9
Signed-off-by: Ed Tanous <edtanous@google.com>

Diffstat (limited to 'src')
0 files changed, 0 insertions, 0 deletions