luckyframework / authentic

An authentication library for Lucky projects
MIT License

Web Browser XSS Protection is not enabled #12

Closed snadon closed 6 years ago

snadon commented 6 years ago

Web Browser XSS Protection is not enabled, or is disabled by the configuration of the 'X-XSS-Protection' HTTP response header on the web server.

paulcsmith commented 6 years ago

@joeldrapper

To anyone interested, this does not mean Lucky does not have XSS protection currently. Lucky sanitizes HTML automatically. This is an additional precaution that makes things even more secure.

paulcsmith commented 6 years ago

Closing in favor of https://github.com/luckyframework/lucky/issues/565