Update default X-XSS-Protection value to 0 #479

Merged: 3 commits, Aug 9, 2024

@rzhade3 rzhade3 commented Apr 1, 2022

This PR updates the default value of the X-XSS-Protection header to 0. There's further discussion here about the reasons for this: #439.

All PRs:

  • Has tests
  • Documentation updated

Closes #439

@rzhade3 rzhade3 requested review from JackMc and vcsjones April 1, 2022 19:00
vcsjones commented Apr 1, 2022

This is probably a good change to take but likely only for the next major release of this gem - as @oreoshake pointed out this is a breaking change. Maybe we can start gathering some thoughts on what the next major release should look like.

@JackMc JackMc mentioned this pull request Apr 4, 2022
@JackMc JackMc left a comment

I agree that this would be a good change and should be merged as part of the next major version. I started a tracking issue to collect all the things that would go into that version: #480.

@JackMc JackMc removed the request for review from vcsjones April 22, 2022 13:46
@lgarron lgarron added this to the v7 milestone Jan 4, 2023
@richter-alex
Howdy @JackMc! Any updates on when we might be able to expect a new major release being cut with this in it?

@rzhade3 rzhade3 merged commit cf56fc9 into main Aug 9, 2024
14 checks passed
@rzhade3 rzhade3 deleted the update-default-xss-protection branch August 9, 2024 00:09
Successfully merging this pull request may close these issues.

Should x-xss-protection default to “0” instead of “1; mode=block”
6 participants