orbit-oss/flask
4
4
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove X-XSS-Protection suggestion

Browse source
This commit is contained in:
Cameron Dahl 2021-12-30 23:08:49 -06:00 committed by David Lord
parent 981a94df68
commit 08ad8aabfe
No known key found for this signature in database
GPG key ID: 7A1C87E3F5BC42A8
1 changed files with 0 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

12
docs/security.rst
View file

@ -173,18 +173,6 @@ invisibly to clicks on your page's elements. This is also known as
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
X-XSS-Protection
~~~~~~~~~~~~~~~~
The browser will try to prevent reflected XSS attacks by not loading the page
if the request contains something that looks like JavaScript and the response
contains the same data. ::
response.headers['X-XSS-Protection'] = '1; mode=block'
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
.. _security-cookie: .. _security-cookie:
Set-Cookie options Set-Cookie options