[jira] [Commented] (KNOX-1779) Add HTTP X-XSS-Protection response header support for WebAppSec Provider
[
https://issues.apache.org/jira/browse/KNOX-1779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16772898#comment-16772898
]
Krishna Pandey commented on KNOX-1779:
--
[~krisden] As I started working on this issue, I realized that this header
already exists in functionality but is missing in documentation.
We can enable this by adding below in WebAppSec provider.
{code:java}
xss.protection.enabled
true
{code}
See sample HTTP Response below with X-XSS-Protection Response Header set.
!Screenshot 2019-02-20 at 4.24.18 PM.png!
> Add HTTP X-XSS-Protection response header support for WebAppSec Provider
>
>
> Key: KNOX-1779
> URL: https://issues.apache.org/jira/browse/KNOX-1779
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
>Affects Versions: 1.2.0
>Reporter: Krishna Pandey
>Assignee: Krishna Pandey
>Priority: Critical
> Labels: security
> Fix For: 1.3.0
>
> Attachments: Screenshot 2019-02-20 at 4.24.18 PM.png
>
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> Support to add X-XSS-Protection HTTP response header in Knox's WebAppSec
> Provider enabling modern web browsers to detect and thwart Cross-site
> Scripting (XSS) attacks.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (KNOX-1779) Add HTTP X-XSS-Protection response header support for WebAppSec Provider
[ https://issues.apache.org/jira/browse/KNOX-1779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16772542#comment-16772542 ] Krishna Pandey commented on KNOX-1779: -- [~krisden] I intend to provide a patch shortly. > Add HTTP X-XSS-Protection response header support for WebAppSec Provider > > > Key: KNOX-1779 > URL: https://issues.apache.org/jira/browse/KNOX-1779 > Project: Apache Knox > Issue Type: Improvement > Components: Server >Affects Versions: 1.2.0 >Reporter: Krishna Pandey >Assignee: Krishna Pandey >Priority: Critical > Labels: security > Fix For: 1.3.0 > > Original Estimate: 168h > Remaining Estimate: 168h > > Support to add X-XSS-Protection HTTP response header in Knox's WebAppSec > Provider enabling modern web browsers to detect and thwart Cross-site > Scripting (XSS) attacks. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KNOX-1779) Add HTTP X-XSS-Protection response header support for WebAppSec Provider
[ https://issues.apache.org/jira/browse/KNOX-1779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16772372#comment-16772372 ] Kevin Risden commented on KNOX-1779: [~kpandey] - Thanks for this ticket. I see you have assigned it to yourself. Are you planning to provide a patch for this? > Add HTTP X-XSS-Protection response header support for WebAppSec Provider > > > Key: KNOX-1779 > URL: https://issues.apache.org/jira/browse/KNOX-1779 > Project: Apache Knox > Issue Type: Improvement > Components: Server >Affects Versions: 1.2.0 >Reporter: Krishna Pandey >Assignee: Krishna Pandey >Priority: Critical > Labels: security > Fix For: 1.3.0 > > Original Estimate: 168h > Remaining Estimate: 168h > > Support to add X-XSS-Protection HTTP response header in Knox's WebAppSec > Provider enabling modern web browsers to detect and thwart Cross-site > Scripting (XSS) attacks. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
