OCPBUGS-61737

Remove X-XSS-Protection header


    • Bug
    • Resolution: Done
    • 4.17.z
    • 4.20
    • Management Console
    • Quality / Stability / Reliability
    • In Progress
    • Release Note Not Required

      This is a clone of issue OCPBUGS-61697. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-60279. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-60130. The following is the description of the original issue:

      Description of problem:

      We should not set the X-XSS-Protection header. That header is now deprecated and should not be set. 
      
      See: https://github.com/openshift/console/issues/15344   

      How reproducible:

      Always    

      Actual results:

      X-XSS-Protection is set as: ("X-XSS-Protection", "1; mode=block") 

      Expected results:

      Remove setting the X-XSS-Protection header in totality

      Additional info:

      https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-XSS-Protection
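
A regression check for the behaviour reported above, added here as an example; it is not code from openshift/console. The handler `withHeaders`, the helper `FindDeprecated` and the request paths are constructed stand-ins for a server's real header-setting code and routes.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const deprecated = "X-XSS-Protection"

// withHeaders is a constructed stand-in for a server's header-setting code.
// legacy=true reproduces the reported ("X-XSS-Protection", "1; mode=block").
func withHeaders(legacy bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-Content-Type-Options", "nosniff") // unrelated header, kept
		if legacy {
			w.Header().Set(deprecated, "1; mode=block")
		}
		fmt.Fprintln(w, "ok")
	})
}

// FindDeprecated requests each path in-process and returns path -> header
// value for every response that still carries X-XSS-Protection.
func FindDeprecated(h http.Handler, paths []string) map[string]string {
	found := map[string]string{}
	for _, p := range paths {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, p, nil))
		// Header.Set stores the key canonicalised as "X-Xss-Protection", and
		// code that writes the header map directly can use any casing, so
		// compare case-insensitively instead of indexing with one spelling.
		for name, vals := range rec.Result().Header {
			if strings.EqualFold(name, deprecated) {
				found[p] = strings.Join(vals, ", ")
			}
		}
	}
	return found
}

func main() {
	paths := []string{"/", "/api/example"} // constructed paths
	fmt.Println("legacy:", FindDeprecated(withHeaders(true), paths))
	fmt.Println("fixed: ", FindDeprecated(withHeaders(false), paths))
}
```
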

              jhadvig@redhat.com Jakub Hadvig
              jforce1 James Force
              Yanping Zhang Yanping Zhang