secure_headers icon indicating copy to clipboard operation
secure_headers copied to clipboard
verified publisher icon github

Update default X-XSS-Protection value to 0

Open rzhade3 opened this issue 3 years ago • 2 comments

This PR updates the default value of the X-XSS-Protection header to 0. There's further discussion here about the reasons for this: https://github.com/github/secure_headers/issues/439.

All PRs:

  • [x] Has tests
  • [x] Documentation updated

Closes https://github.com/github/secure_headers/issues/439

rzhade3 avatar Apr 01 '22 18:04 rzhade3

This is probably a good change to take but likely only for the next major release of this gem - as @oreoshake pointed out this is a breaking change. Maybe we can start gathering some thoughts on what the next major release should look like.

vcsjones avatar Apr 01 '22 19:04 vcsjones

Howdy @JackMc! Any updates on when we might be able to expect a new major release being cut with this in it?

richter-alex avatar Feb 21 '23 22:02 richter-alex