github / secure_headers

Manages application of security headers with many safe defaults
MIT License
3.16k stars, 252 forks

Update default X-XSS-Protection value to 0 #479

Closed rzhade3 closed 2 months ago

rzhade3 commented 2 years ago

This PR updates the default value of the X-XSS-Protection header to 0. There's further discussion here about the reasons for this: https://github.com/github/secure_headers/issues/439.

All PRs:

Closes https://github.com/github/secure_headers/issues/439
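The header value this PR changes is small enough that a site can audit it directly. The Ruby below is an added example, not code from the secure_headers gem or from this PR: `classify_xss_protection` parses an `X-XSS-Protection` value into the states a defender cares about (filter disabled, filter on, block mode, report mode, missing, invalid), and `XssProtectionHeader` is a hypothetical Rack-style middleware that applies the `0` default the PR proposes without overriding a value the application already set. The sample responses are constructed for the example.

```ruby
# Added example (not part of secure_headers or of this PR). Names such as
# classify_xss_protection and XssProtectionHeader are hypothetical.

# Parse an X-XSS-Protection header value.
# Returns :disabled, :filter_on, :filter_block, :filter_report, :missing or :invalid.
def classify_xss_protection(value)
  return :missing if value.nil? || value.strip.empty?

  tokens = value.split(";").map(&:strip)
  switch = tokens.shift
  # "0" disables the legacy browser XSS filter; any directive after it is malformed.
  return :disabled if switch == "0" && tokens.empty?
  return :invalid unless switch == "1"

  # Remaining tokens are "mode=block" or "report=<uri>" directives.
  directives = tokens.to_h do |t|
    k, v = t.split("=", 2).map(&:strip)
    [k.downcase, v]
  end
  return :invalid unless (directives.keys - %w[mode report]).empty?
  return :invalid if directives.key?("mode") && directives["mode"] != "block"
  return :filter_block if directives.key?("mode")
  return :filter_report if directives.key?("report")

  :filter_on
end

# Rack-style middleware that sets X-XSS-Protection to "0" (the default this PR
# proposes) unless the application already emitted the header. Header lookup is
# case-insensitive so it behaves the same with lowercased Rack 3 header names.
class XssProtectionHeader
  HEADER = "X-XSS-Protection".freeze

  def initialize(app, value: "0")
    @app = app
    @value = value
  end

  def call(env)
    status, headers, body = @app.call(env)
    headers[HEADER] = @value unless headers.keys.any? { |k| k.casecmp?(HEADER) }
    [status, headers, body]
  end
end

# Audit a set of responses: returns the names whose value still enables the filter.
def responses_with_filter_enabled(responses)
  responses.select do |_name, headers|
    %i[filter_on filter_block filter_report].include?(
      classify_xss_protection(headers["X-XSS-Protection"])
    )
  end.keys
end

# Constructed sample responses (hypothetical endpoint names and headers).
SAMPLE_RESPONSES = {
  "/login"   => { "Content-Type" => "text/html", "X-XSS-Protection" => "1; mode=block" },
  "/api"     => { "Content-Type" => "application/json", "X-XSS-Protection" => "0" },
  "/profile" => { "Content-Type" => "text/html" },
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts "Still enabling the filter: #{responses_with_filter_enabled(SAMPLE_RESPONSES).inspect}"
  app = ->(_env) { [200, { "Content-Type" => "text/html" }, ["<p>ok</p>"]] }
  _status, headers, _body = XssProtectionHeader.new(app).call({})
  puts "Middleware set: #{headers["X-XSS-Protection"]}"
end
```

Run the file directly to see which constructed responses still turn the filter on; in a real app the middleware would sit in the Rack stack and the audit function would be fed captured response headers.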

vcsjones commented 2 years ago

This is probably a good change to take but likely only for the next major release of this gem - as @oreoshake pointed out this is a breaking change. Maybe we can start gathering some thoughts on what the next major release should look like.

richter-alex commented 1 year ago

Howdy @JackMc! Any updates on when we might be able to expect a new major release being cut with this in it?