authorlukasz-jarocki-sonarsource <lukasz.jarocki@sonarsource.com>2024-09-12 16:10:38 +0200
committersonartech <sonartech@sonarsource.com>2024-09-13 20:02:35 +0000
commitdaf512d755a7c23a426b297ff7a43b57b33048f3 (patch)
tree7fed61796ab0f55fdbd22bbaecbbb4d65b5d3c19 /server/sonar-webserver/src/main
parent4aa45bbc641827cf55b1c01170a405f2d73c1182 (diff)
downloadsonarqube-daf512d755a7c23a426b297ff7a43b57b33048f3.tar.gz
sonarqube-daf512d755a7c23a426b297ff7a43b57b33048f3.zip
SONAR-23029 fix ssf
Diffstat (limited to 'server/sonar-webserver/src/main')
-rw-r--r--server/sonar-webserver/src/main/java/org/sonar/server/platform/web/SecurityServletFilter.java6
1 files changed, 3 insertions, 3 deletions
diff --git a/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/SecurityServletFilter.java b/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/SecurityServletFilter.java
index afb7332af2c..ce0687a7011 100644
--- a/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/SecurityServletFilter.java
+++ b/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/SecurityServletFilter.java
@@ -83,11 +83,11 @@ public class SecurityServletFilter implements Filter {
}
// Cross-site scripting
- // See https://www.owasp.org/index.php/List_of_useful_HTTP_headers
- httpResponse.setHeader("X-XSS-Protection", "1; mode=block");
+ // See https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-xss-protection
+ httpResponse.setHeader("X-XSS-Protection", "0");
// MIME-sniffing
- // See https://www.owasp.org/index.php/List_of_useful_HTTP_headers
+ // See https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-content-type-options
httpResponse.setHeader("X-Content-Type-Options", "nosniff");
}
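Review bot: The `// Cross-site scripting` heading above the `X-XSS-Protection` line now reads as if the header were still a defence, while the new value `"0"` explicitly turns the legacy browser XSS auditor off. A short why-comment would stop a later maintainer from "restoring" `1; mode=block`, for example `// "0" disables the legacy XSS auditor on purpose; XSS mitigation relies on Content-Security-Policy, not this header`. Whether a Content-Security-Policy is set for the same responses is not visible here, since the enclosing method starts and ends outside the hunk, so that is worth confirming before the comment is worded that way. The diffstat is limited to `src/main`, so I cannot tell whether a test that asserts the old header value was updated with this change.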