mirror of
https://github.com/keycloak/keycloak.git
Remove X-XSS-Protection header (#36881)
Closes #21728 Signed-off-by: akbarhusainpatel <apatel@intermiles.com>
parent
40e8c0eba3
commit
9d3cfe0672
@ -58,3 +58,8 @@ link:{grafanadashboards_link}[The guide] contains two dashboards.
|
||||
* Keycloak troubleshooting dashboard - showing metrics related to service level indicators and troubleshooting.
|
||||
* Keycloak capacity planning dashboard - showing metrics related to estimating the load handled by Keycloak.
|
||||
|
||||
= Removal of the `X-XSS-Protection` header
|
||||
|
||||
Because the https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection[`X-XSS-Protection` header] is no longer supported by any user agents that are supported by Keycloak, it has been removed. This header was a feature of Internet Explorer, Chrome, and Safari that stopped pages from loading when they detected reflected cross-site scripting (XSS) attacks.
|
||||
|
||||
We don't expect that this will impact any deployments due to the lack of support in user agents, as well as this feature being supplanted by https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP[Content Security Policy (CSP)].
|
||||
|
||||
@ -165,10 +165,6 @@ describe("Realm settings tabs tests", () => {
|
||||
);
|
||||
cy.findByTestId("browserSecurityHeaders.xRobotsTag").clear();
|
||||
cy.findByTestId("browserSecurityHeaders.xRobotsTag").type("none");
|
||||
cy.findByTestId("browserSecurityHeaders.xXSSProtection").clear();
|
||||
cy.findByTestId("browserSecurityHeaders.xXSSProtection").type(
|
||||
"1; mode=block",
|
||||
);
|
||||
cy.findByTestId("browserSecurityHeaders.strictTransportSecurity").clear();
|
||||
cy.findByTestId("browserSecurityHeaders.strictTransportSecurity").type(
|
||||
"max-age=31537000",
|
||||
|
||||
@ -473,7 +473,6 @@ contentSecurityPolicyHelp=Der Standardwert verhindert, dass Seiten von iframes,
|
||||
contentSecurityPolicyReportOnlyHelp=Zum Testen von Content Security Policies <1>Mehr erfahren</1>
|
||||
xContentTypeOptionsHelp=Der Standardwert verhindert, dass Internet Explorer und Google Chrome eine Antwort abseits des deklarierten Content-Types <1>Erfahren Sie mehr</1> MIME-sniffing
|
||||
xRobotsTagHelp=Verhindern, dass Seiten in Suchmaschinen auftauchen <1>Mehr erfahren</1>
|
||||
xXSSProtectionHelp=Dieser Header konfiguriert den Cross-Site-Scripting-Filter (XSS) in Ihrem Browser. Mit dem Standardverhalten verhindert der Browser das Rendern der Seite, wenn ein XSS-Angriff erkannt wird. <1>Mehr erfahren</1>
|
||||
strictTransportSecurityHelp=Der HTTP-Header Strict-Transport-Security weist die Browser an, immer HTTPS zu verwenden. Sobald ein Browser diesen Header sieht, wird er die Website nur noch über HTTPS für die angegebene Zeit (1 Jahr) bei max-age besuchen, einschließlich der Subdomains. <1>Mehr erfahren</1>
|
||||
refreshTokenMaxReuse=Refresh-Token maximale Wiederverwendung
|
||||
refreshTokenMaxReuseHelp=Maximale Anzahl der Wiederverwendung eines Refresh-Tokens. Wenn ein anderes Token verwendet wird, erfolgt der Widerruf sofort.
|
||||
|
||||
@ -2031,7 +2031,6 @@ targetClaim=Atributo de destino
|
||||
assignRole=Asignar rol
|
||||
accessSettings=Configuraciones de acceso
|
||||
updateFlowSuccess=Flujo actualizado con éxito
|
||||
xXSSProtectionHelp=Este encabezado configura el filtro contra scripting entre sitios (XSS) en tu navegador. Utilizando el comportamiento predeterminado, el navegador evitará la representación de la página cuando detecte un ataque XSS. <1>Más información</1>
|
||||
authenticatedAccessPolicies=Políticas de acceso autenticado
|
||||
addExecutor=Agregar ejecutor
|
||||
selectIfResourceExists=Si un recurso ya existe, especifica qué se debe hacer
|
||||
@ -2177,7 +2176,6 @@ rootURLHelp=URL raíz añadida a URLs relativas
|
||||
anonymousAccessPolicies=Políticas de acceso anónimo
|
||||
createResourceBasedPermission=Crear permiso basado en recurso
|
||||
searchForRole=Buscar rol
|
||||
xXSSProtection=Protección X-XSS
|
||||
debugHelp=Habilitar/deshabilitar el registro de depuración en la salida estándar para Krb5LoginModule.
|
||||
validatorColNames.colConfig=Configuración
|
||||
createClient=Crear cliente
|
||||
|
||||
@ -410,7 +410,6 @@ otpTypeHelp=「totp」はタイムベースのワンタイム・パスワード
|
||||
keyForCodeExchange=Proof Key for Code Exchangeのコードチャレンジ方式
|
||||
endpointsHelp=プロトコル・エンドポイントの設定を表示します。
|
||||
useKerberosForPasswordAuthentication=パスワード認証にKerberosを使用
|
||||
xXSSProtection=X-XSS-Protection
|
||||
debugHelp=Krb5LoginModuleの標準出力へのデバッグロギングの有効/無効を設定します。
|
||||
validatorColNames.colConfig=設定
|
||||
nodeHost=ノードホスト
|
||||
|
||||
@ -321,7 +321,6 @@ target=სამიზნე
|
||||
browse=პოვნა
|
||||
mappers=ამსახველები
|
||||
user=მომხმარებელი
|
||||
xXSSProtection=X-XSS-Protection
|
||||
Thursday=ხუთშაბათი
|
||||
annotations=ანოტაციები
|
||||
ms=მილიწამი
|
||||
|
||||
@ -2133,7 +2133,6 @@ targetClaim=Roszczenie docelowe
|
||||
assignRole=Przypisz rolę
|
||||
accessSettings=Ustawienia dostępu
|
||||
updateFlowSuccess=Zaktualizowano przepływ pomyślnie
|
||||
xXSSProtectionHelp=Ten nagłówek konfiguruje filtr przeciwdziałania atakom typu Cross-Site Scripting (XSS) w przeglądarce. Korzystając z zachowania domyślnego, przeglądarka będzie zapobiegać renderowaniu strony, gdy zostanie wykryty atak XSS. <1>Dowiedz się więcej</1>
|
||||
authenticatedAccessPolicies=Polityki dostępu uwierzytelnionego
|
||||
addExecutor=Dodaj wykonawcę
|
||||
selectIfResourceExists=Jeśli zasób już istnieje, określ, co należy zrobić
|
||||
@ -2279,7 +2278,6 @@ rootURLHelp=Adres URL główny dołączany do adresów URL względnych
|
||||
anonymousAccessPolicies=Polityki dostępu anonimowego
|
||||
createResourceBasedPermission=Utwórz uprawnienia oparte na zasobach
|
||||
searchForRole=Wyszukaj rolę
|
||||
xXSSProtection=X-XSS-Protection
|
||||
debugHelp=Włącz / wyłącz debugowanie do standardowego wyjścia dla Krb5LoginModule.
|
||||
validatorColNames.colConfig=Konfiguracja
|
||||
createClient=Utwórz klienta
|
||||
|
||||
@ -2011,7 +2011,6 @@ targetClaim=目标声明
|
||||
assignRole=分配角色
|
||||
accessSettings=访问设置
|
||||
updateFlowSuccess=流程更新成功
|
||||
xXSSProtectionHelp=此标头在您的浏览器中配置跨站点脚本 (XSS) 过滤器。使用默认行为,浏览器将在检测到 XSS 攻击时阻止呈现页面。<1>了解更多</1>
|
||||
authenticatedAccessPolicies=经过身份验证的访问策略
|
||||
addExecutor=添加执行器
|
||||
selectIfResourceExists=如果资源已存在,请指定应采取的操作
|
||||
@ -2150,7 +2149,6 @@ client-scopes-condition.tooltip=预期的客户端范围列表。如果指定的
|
||||
anonymousAccessPolicies=匿名访问策略
|
||||
createResourceBasedPermission=创建基于资源的权限
|
||||
searchForRole=搜索角色
|
||||
xXSSProtection=X-XSS-保护
|
||||
debugHelp=为 Krb5LoginModule 启用/禁用调试日志记录到标准输出。
|
||||
validatorColNames.colConfig=设置
|
||||
createClient=创建客户端
|
||||
|
||||
@ -2134,7 +2134,6 @@ targetClaim=Target claim
|
||||
assignRole=Assign role
|
||||
accessSettings=Access settings
|
||||
updateFlowSuccess=Flow successfully updated
|
||||
xXSSProtectionHelp=This header configures the Cross-site scripting (XSS) filter in your browser. Using the default behaviour, the browser will prevent rendering of the page when a XSS attack is detected. <1>Learn more</1>
|
||||
authenticatedAccessPolicies=Authenticated access polices
|
||||
addExecutor=Add executor
|
||||
selectIfResourceExists=If a resource already exists, specify what should be done
|
||||
@ -2280,7 +2279,6 @@ rootURLHelp=Root URL appended to relative URLs
|
||||
anonymousAccessPolicies=Anonymous access polices
|
||||
createResourceBasedPermission=Create resource-based permission
|
||||
searchForRole=Search role
|
||||
xXSSProtection=X-XSS-Protection
|
||||
debugHelp=Enable/disable debug logging to standard output for Krb5LoginModule.
|
||||
validatorColNames.colConfig=Config
|
||||
createClient=Create client
|
||||
|
||||
@ -48,10 +48,6 @@ export const HeadersForm = ({ realm, save }: HeadersFormProps) => {
|
||||
fieldName="browserSecurityHeaders.xRobotsTag"
|
||||
url="https://developers.google.com/search/docs/advanced/robots/robots_meta_tag"
|
||||
/>
|
||||
<HelpLinkTextInput
|
||||
fieldName="browserSecurityHeaders.xXSSProtection"
|
||||
url="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection"
|
||||
/>
|
||||
<HelpLinkTextInput
|
||||
fieldName="browserSecurityHeaders.strictTransportSecurity"
|
||||
url="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security"
|
||||
|
||||
@ -0,0 +1,57 @@
|
||||
/*
|
||||
* Copyright 2025 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.migration.migrators;
|
||||
|
||||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.migration.ModelVersion;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
|
||||
import java.lang.invoke.MethodHandles;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
|
||||
public class MigrateTo26_2_0 implements Migration {
|
||||
|
||||
public static final ModelVersion VERSION = new ModelVersion("26.2.0");
|
||||
|
||||
private static final Logger LOG = Logger.getLogger(MethodHandles.lookup().lookupClass());
|
||||
|
||||
@Override
|
||||
public ModelVersion getVersion() {
|
||||
return VERSION;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void migrate(KeycloakSession session) {
|
||||
session.realms().getRealmsStream().forEach(this::migrateRealm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void migrateImport(KeycloakSession session, RealmModel realm, RealmRepresentation rep, boolean skipUserDependent) {
|
||||
migrateRealm(realm);
|
||||
}
|
||||
|
||||
private void migrateRealm(RealmModel realm) {
|
||||
// Removes _browser_header.xXSSProtection attribute
|
||||
var headers = new HashMap<>(realm.getBrowserSecurityHeaders());
|
||||
headers.remove("xXSSProtection");
|
||||
realm.setBrowserSecurityHeaders(Collections.unmodifiableMap(headers));
|
||||
}
|
||||
}
|
||||
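Review bot: In `migrateRealm` the header map is copied and written back for every realm even when `xXSSProtection` was never stored, and the `LOG` field declared at the top of the class is not used anywhere in the visible file. Because this migration drops a security-header setting that an operator may have customised, it would be easier to audit if the write happened only on an actual removal and was logged: `if (headers.remove("xXSSProtection") != null) {`, then `realm.setBrowserSecurityHeaders(Collections.unmodifiableMap(headers));`, then `LOG.debugf("Removed xXSSProtection browser security header from realm %s", realm.getName()); }`. The key is a bare string literal because the enum constant is deleted elsewhere in this commit; a comment such as `// literal key: BrowserSecurityHeaders.X_XSS_PROTECTION was removed in 26.2.0` would save a later reader from searching for the constant. Whether `getBrowserSecurityHeaders()` can return null for a realm is not visible here and is worth confirming before it is passed to the `HashMap` copy constructor.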
@ -42,6 +42,7 @@ import org.keycloak.migration.migrators.MigrateTo24_0_3;
|
||||
import org.keycloak.migration.migrators.MigrateTo25_0_0;
|
||||
import org.keycloak.migration.migrators.MigrateTo26_0_0;
|
||||
import org.keycloak.migration.migrators.MigrateTo26_1_0;
|
||||
import org.keycloak.migration.migrators.MigrateTo26_2_0;
|
||||
import org.keycloak.migration.migrators.MigrateTo2_0_0;
|
||||
import org.keycloak.migration.migrators.MigrateTo2_1_0;
|
||||
import org.keycloak.migration.migrators.MigrateTo2_2_0;
|
||||
@ -123,6 +124,7 @@ public class DefaultMigrationManager implements MigrationManager {
|
||||
new MigrateTo25_0_0(),
|
||||
new MigrateTo26_0_0(),
|
||||
new MigrateTo26_1_0(),
|
||||
new MigrateTo26_2_0(),
|
||||
};
|
||||
|
||||
private final KeycloakSession session;
|
||||
|
||||
@ -1193,7 +1193,6 @@ spec:
|
||||
xRobotsTag: none
|
||||
xFrameOptions: SAMEORIGIN
|
||||
contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
|
||||
xXSSProtection: 1; mode=block
|
||||
strictTransportSecurity: max-age=31536000; includeSubDomains
|
||||
smtpServer: {}
|
||||
eventsEnabled: false
|
||||
|
||||
@ -1074,7 +1074,6 @@ spec:
|
||||
xRobotsTag: none
|
||||
xFrameOptions: SAMEORIGIN
|
||||
contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
|
||||
xXSSProtection: 1; mode=block
|
||||
strictTransportSecurity: max-age=31536000; includeSubDomains
|
||||
smtpServer: {}
|
||||
eventsEnabled: false
|
||||
|
||||
@ -1070,7 +1070,6 @@ spec:
|
||||
xRobotsTag: none
|
||||
xFrameOptions: SAMEORIGIN
|
||||
contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
|
||||
xXSSProtection: 1; mode=block
|
||||
strictTransportSecurity: max-age=31536000; includeSubDomains
|
||||
smtpServer: {}
|
||||
eventsEnabled: false
|
||||
|
||||
@ -28,7 +28,6 @@ public enum BrowserSecurityHeaders {
|
||||
CONTENT_SECURITY_POLICY_REPORT_ONLY("contentSecurityPolicyReportOnly", "Content-Security-Policy-Report-Only", ""),
|
||||
X_CONTENT_TYPE_OPTIONS("xContentTypeOptions", "X-Content-Type-Options", "nosniff"),
|
||||
X_ROBOTS_TAG("xRobotsTag", "X-Robots-Tag", "none"),
|
||||
X_XSS_PROTECTION("xXSSProtection", "X-XSS-Protection", "1; mode=block"),
|
||||
STRICT_TRANSPORT_SECURITY("strictTransportSecurity", "Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
|
||||
REFERRER_POLICY("referrerPolicy", "Referrer-Policy", "no-referrer");
|
||||
|
||||
@ -65,7 +64,6 @@ public enum BrowserSecurityHeaders {
|
||||
dh.put(CONTENT_SECURITY_POLICY_REPORT_ONLY.getKey(), CONTENT_SECURITY_POLICY_REPORT_ONLY.getDefaultValue());
|
||||
dh.put(X_CONTENT_TYPE_OPTIONS.getKey(), X_CONTENT_TYPE_OPTIONS.getDefaultValue());
|
||||
dh.put(X_ROBOTS_TAG.getKey(), X_ROBOTS_TAG.getDefaultValue());
|
||||
dh.put(X_XSS_PROTECTION.getKey(), X_XSS_PROTECTION.getDefaultValue());
|
||||
dh.put(STRICT_TRANSPORT_SECURITY.getKey(), STRICT_TRANSPORT_SECURITY.getDefaultValue());
|
||||
dh.put(REFERRER_POLICY.getKey(), REFERRER_POLICY.getDefaultValue());
|
||||
|
||||
|
||||
@ -10,7 +10,6 @@ import static org.keycloak.models.BrowserSecurityHeaders.STRICT_TRANSPORT_SECURI
|
||||
import static org.keycloak.models.BrowserSecurityHeaders.X_CONTENT_TYPE_OPTIONS;
|
||||
import static org.keycloak.models.BrowserSecurityHeaders.X_FRAME_OPTIONS;
|
||||
import static org.keycloak.models.BrowserSecurityHeaders.X_ROBOTS_TAG;
|
||||
import static org.keycloak.models.BrowserSecurityHeaders.X_XSS_PROTECTION;
|
||||
import static org.keycloak.models.BrowserSecurityHeaders.realmDefaultHeaders;
|
||||
|
||||
import java.util.Arrays;
|
||||
@ -52,7 +51,6 @@ public class BrowserSecurityHeadersTest {
|
||||
CONTENT_SECURITY_POLICY_REPORT_ONLY,
|
||||
X_CONTENT_TYPE_OPTIONS,
|
||||
X_ROBOTS_TAG,
|
||||
X_XSS_PROTECTION,
|
||||
STRICT_TRANSPORT_SECURITY,
|
||||
REFERRER_POLICY
|
||||
);
|
||||
|
||||
@ -87,7 +87,6 @@ public class DefaultSecurityHeadersProvider implements SecurityHeadersProvider {
|
||||
private void addGenericHeaders(MultivaluedMap<String, Object> headers) {
|
||||
addHeader(BrowserSecurityHeaders.STRICT_TRANSPORT_SECURITY, headers);
|
||||
addHeader(BrowserSecurityHeaders.X_CONTENT_TYPE_OPTIONS, headers);
|
||||
addHeader(BrowserSecurityHeaders.X_XSS_PROTECTION, headers);
|
||||
addHeader(BrowserSecurityHeaders.REFERRER_POLICY, headers);
|
||||
}
|
||||
|
||||
@ -95,7 +94,6 @@ public class DefaultSecurityHeadersProvider implements SecurityHeadersProvider {
|
||||
addHeader(BrowserSecurityHeaders.STRICT_TRANSPORT_SECURITY, headers);
|
||||
addHeader(BrowserSecurityHeaders.X_FRAME_OPTIONS, headers);
|
||||
addHeader(BrowserSecurityHeaders.X_CONTENT_TYPE_OPTIONS, headers);
|
||||
addHeader(BrowserSecurityHeaders.X_XSS_PROTECTION, headers);
|
||||
addHeader(BrowserSecurityHeaders.REFERRER_POLICY, headers);
|
||||
}
|
||||
|
||||
|
||||
@ -29,7 +29,6 @@ public class AdminHeadersTest {
|
||||
assertDefaultValue(BrowserSecurityHeaders.STRICT_TRANSPORT_SECURITY, h);
|
||||
assertDefaultValue(BrowserSecurityHeaders.X_FRAME_OPTIONS, h);
|
||||
assertDefaultValue(BrowserSecurityHeaders.X_CONTENT_TYPE_OPTIONS, h);
|
||||
assertDefaultValue(BrowserSecurityHeaders.X_XSS_PROTECTION, h);
|
||||
assertDefaultValue(BrowserSecurityHeaders.REFERRER_POLICY, h);
|
||||
|
||||
response.close();
|
||||
|
||||
@ -76,7 +76,6 @@
|
||||
"xContentTypeOptions": "nosniff",
|
||||
"xRobotsTag": "none",
|
||||
"xFrameOptions": "SAMEORIGIN",
|
||||
"xXSSProtection": "1; mode=block",
|
||||
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
|
||||
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
|
||||
},
|
||||
@ -639,7 +638,6 @@
|
||||
"clientAuthenticationFlow": "clients",
|
||||
"dockerAuthenticationFlow": "docker auth",
|
||||
"attributes": {
|
||||
"_browser_header.xXSSProtection": "1; mode=block",
|
||||
"_browser_header.xFrameOptions": "SAMEORIGIN",
|
||||
"_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains",
|
||||
"permanentLockout": "false",
|
||||
|
||||
@ -672,7 +672,6 @@
|
||||
"xContentTypeOptions": "nosniff",
|
||||
"xRobotsTag": "none",
|
||||
"xFrameOptions": "SAMEORIGIN",
|
||||
"xXSSProtection": "1; mode=block",
|
||||
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
|
||||
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
|
||||
},
|
||||
@ -1235,7 +1234,6 @@
|
||||
"clientAuthenticationFlow": "clients",
|
||||
"dockerAuthenticationFlow": "docker auth",
|
||||
"attributes": {
|
||||
"_browser_header.xXSSProtection": "1; mode=block",
|
||||
"_browser_header.xFrameOptions": "SAMEORIGIN",
|
||||
"_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains",
|
||||
"permanentLockout": "false",
|
||||
|
||||
@ -53,7 +53,6 @@
|
||||
"xContentTypeOptions": "nosniff",
|
||||
"xRobotsTag": "none",
|
||||
"xFrameOptions": "SAMEORIGIN",
|
||||
"xXSSProtection": "1; mode=block",
|
||||
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
|
||||
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
|
||||
},
|
||||
@ -616,7 +615,6 @@
|
||||
"clientAuthenticationFlow": "clients",
|
||||
"dockerAuthenticationFlow": "docker auth",
|
||||
"attributes": {
|
||||
"_browser_header.xXSSProtection": "1; mode=block",
|
||||
"_browser_header.xFrameOptions": "SAMEORIGIN",
|
||||
"_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains",
|
||||
"permanentLockout": "false",
|
||||
|
||||
@ -961,7 +961,6 @@
|
||||
"xRobotsTag" : "none",
|
||||
"xFrameOptions" : "SAMEORIGIN",
|
||||
"contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
|
||||
"xXSSProtection" : "1; mode=block",
|
||||
"strictTransportSecurity" : "max-age=31536000; includeSubDomains"
|
||||
},
|
||||
"smtpServer" : { },
|
||||
@ -1594,7 +1593,6 @@
|
||||
"_browser_header.contentSecurityPolicyReportOnly" : "",
|
||||
"bruteForceProtected" : "false",
|
||||
"_browser_header.contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
|
||||
"_browser_header.xXSSProtection" : "1; mode=block",
|
||||
"_browser_header.xFrameOptions" : "SAMEORIGIN",
|
||||
"_browser_header.strictTransportSecurity" : "max-age=31536000; includeSubDomains",
|
||||
"webAuthnPolicyUserVerificationRequirement" : "not specified",
|
||||
|
||||
@ -1561,7 +1561,6 @@
|
||||
"xRobotsTag": "none",
|
||||
"xFrameOptions": "SAMEORIGIN",
|
||||
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
|
||||
"xXSSProtection": "1; mode=block",
|
||||
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
|
||||
},
|
||||
"smtpServer": {},
|
||||
|
||||
@ -2151,7 +2151,6 @@
|
||||
"xRobotsTag" : "none",
|
||||
"xFrameOptions" : "SAMEORIGIN",
|
||||
"contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
|
||||
"xXSSProtection" : "1; mode=block",
|
||||
"strictTransportSecurity" : "max-age=31536000; includeSubDomains"
|
||||
},
|
||||
"smtpServer" : { },
|
||||
|
||||