Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove test for X-XSS-Protection #456

Closed
baknu opened this issue May 15, 2020 · 3 comments
Closed

Remove test for X-XSS-Protection #456

baknu opened this issue May 15, 2020 · 3 comments
Assignees
@gthess
Labels
enhancement
Milestone
v1.2

Comments

@baknu
Copy link
Contributor

baknu commented May 15, 2020

Most browsers have deprecated support for X-XSS-Protection:

Furthermore implementations can be vulnerable for cross-site leak attacks:

Website owners should use Content-Security-Policy (CSP) without allowing unsafe-inline scripts instead.

Proposal: remove test for X-XSS-Protection
@gthess
Copy link
Collaborator

gthess commented May 18, 2020

Clashes with #441.

@baknu
Copy link
Contributor Author

baknu commented May 18, 2020

Ok. Given the above (very little support, possible vulnerabilitty and CSP alternative), I suggest to just remove this test and not make it optional.

@gthess gthess added this to the v1.2 milestone Jun 11, 2020
@gthess
Copy link
Collaborator

gthess commented Jul 13, 2020

Fixed on 3c3a35f

@gthess gthess closed this as completed Jul 13, 2020
@stitch stitch mentioned this issue Oct 28, 2020
Closed
@mxsasha mxsasha mentioned this issue Aug 16, 2022
Closed
3 tasks
@mxsasha mxsasha mentioned this issue Oct 25, 2022
Merged
@baknu baknu mentioned this issue Dec 7, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gthess gthess

Labels
enhancement
Milestone
v1.2
Development

No branches or pull requests
2 participants
@baknu @gthess