[
https://issues.apache.org/jira/browse/KNOX-1779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16772898#comment-16772898
]
Krishna Pandey commented on KNOX-1779:
--------------------------------------
[~krisden] As I started working on this issue, I realized that this header
already exists in functionality but is missing in documentation.
We can enable this by adding below in WebAppSec provider.
{code:java}
<param>
<name>xss.protection.enabled</name>
<value>true</value>
</param>{code}
See sample HTTP Response below with X-XSS-Protection Response Header set.
!Screenshot 2019-02-20 at 4.24.18 PM.png!
> Add HTTP X-XSS-Protection response header support for WebAppSec Provider
> ------------------------------------------------------------------------
>
> Key: KNOX-1779
> URL: https://issues.apache.org/jira/browse/KNOX-1779
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.2.0
> Reporter: Krishna Pandey
> Assignee: Krishna Pandey
> Priority: Critical
> Labels: security
> Fix For: 1.3.0
>
> Attachments: Screenshot 2019-02-20 at 4.24.18 PM.png
>
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> Support to add X-XSS-Protection HTTP response header in Knox's WebAppSec
> Provider enabling modern web browsers to detect and thwart Cross-site
> Scripting (XSS) attacks.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
