[jira] [Commented] (KNOX-1779) Add HTTP X-XSS-Protection response header support for WebAppSec Provider
[ https://issues.apache.org/jira/browse/KNOX-1779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16772898#comment-16772898 ]

Krishna Pandey commented on KNOX-1779:
--------------------------------------

[~krisden] As I started working on this issue, I realized that this header already exists in functionality but is missing in documentation. We can enable this by adding the below in the WebAppSec provider.

{code:java}
<param>
  <name>xss.protection.enabled</name>
  <value>true</value>
</param>
{code}

See sample HTTP Response below with X-XSS-Protection Response Header set.

!Screenshot 2019-02-20 at 4.24.18 PM.png!

> Add HTTP X-XSS-Protection response header support for WebAppSec Provider
> ------------------------------------------------------------------------
>
>                 Key: KNOX-1779
>                 URL: https://issues.apache.org/jira/browse/KNOX-1779
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 1.2.0
>            Reporter: Krishna Pandey
>            Assignee: Krishna Pandey
>            Priority: Critical
>              Labels: security
>             Fix For: 1.3.0
>
>         Attachments: Screenshot 2019-02-20 at 4.24.18 PM.png
>
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> Support to add X-XSS-Protection HTTP response header in Knox's WebAppSec
> Provider enabling modern web browsers to detect and thwart Cross-site
> Scripting (XSS) attacks.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KNOX-1779) Add HTTP X-XSS-Protection response header support for WebAppSec Provider
[ https://issues.apache.org/jira/browse/KNOX-1779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16772542#comment-16772542 ]

Krishna Pandey commented on KNOX-1779:
--------------------------------------

[~krisden] I intend to provide a patch shortly.
[jira] [Commented] (KNOX-1779) Add HTTP X-XSS-Protection response header support for WebAppSec Provider
[ https://issues.apache.org/jira/browse/KNOX-1779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16772372#comment-16772372 ]

Kevin Risden commented on KNOX-1779:
------------------------------------

[~kpandey] - Thanks for this ticket. I see you have assigned it to yourself. Are you planning to provide a patch for this?