const class afSleepSafe::XssProtectionGuard

sys::Obj
  afSleepSafe::XssProtectionGuard : afSleepSafe::Guard

Guards against Cross Site Scripting (XSS) by setting an X-XSS-Protection HTTP response header that tells browsers to enable XSS filtering.

X-XSS-Protection: 1; mode=block

Note that browsers usually enable XSS filtering by default; to disable it, set the xssProtectionEnable config to false.

See X-XSS-Protection on MDN for details.

IoC Configuration

afIocConfig Key                    Value
afSleepSafe.xssProtectionEnable    Tells the browser to enable / disable XSS filtering. Defaults to true.
afSleepSafe.xssProtectionMode      How the browser should prevent the attack. Defaults to block.

Example:

@Contribute { serviceType=ApplicationDefaults# }
Void contributeAppDefaults(Configuration config) {
    config["afSleepSafe.xssProtectionEnable"] = false
    config["afSleepSafe.xssProtectionMode"]   = null
}

To disable, remove this class from the SleepSafeMiddleware configuration:

@Contribute { serviceType=SleepSafeMiddleware# }
Void contributeSleepSafeMiddleware(Configuration config) {
    config.remove(XssProtectionGuard#)
}
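
To confirm that a deployed application sends the header the configuration above is meant to produce, the following added example (Python, not part of afSleepSafe or of the original page) parses an X-XSS-Protection value using the forms listed on MDN and compares a response's headers with the expected settings. The function names and sample headers are constructed for illustration.

```python
# Added example; function names are illustrative, not afSleepSafe API.
def parse_xss_protection(value):
    """Parse a header value into (enabled, mode, report_uri).

    Accepts the forms listed on MDN: 0 | 1 | 1; mode=block | 1; report=<uri>.
    Raises ValueError for anything else.
    """
    parts = [p.strip() for p in value.split(";")]
    if parts[0] not in ("0", "1"):
        raise ValueError(f"bad filter flag {parts[0]!r}")
    enabled, mode, report = parts[0] == "1", None, None
    for directive in filter(None, parts[1:]):
        name, _, arg = (s.strip() for s in directive.partition("="))
        if name.lower() == "mode" and arg.lower() == "block":
            mode = "block"
        elif name.lower() == "report" and arg:
            report = arg
        else:
            raise ValueError(f"unknown directive {directive!r}")
    if not enabled and (mode or report):
        raise ValueError("directives given although the filter flag is 0")
    return enabled, mode, report


def audit(headers, expect_enabled=True, expect_mode="block"):
    """Check (name, value) response headers against the expected settings.

    Defaults mirror the guard's documented defaults (enabled, mode block).
    Returns a list of findings; an empty list means the response matches.
    """
    values = [v for n, v in headers if n.lower() == "x-xss-protection"]
    if len(values) != 1:
        return [f"expected exactly one X-XSS-Protection header, got {len(values)}"]
    try:
        enabled, mode, _ = parse_xss_protection(values[0])
    except ValueError as err:
        return [f"malformed value {values[0]!r}: {err}"]
    findings = []
    if enabled != expect_enabled:
        findings.append(f"filter flag is {int(enabled)}, expected {int(expect_enabled)}")
    if enabled and mode != expect_mode:
        findings.append(f"mode is {mode!r}, expected {expect_mode!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real server.
    print(audit([("Content-Type", "text/html"), ("X-XSS-Protection", "1; mode=block")]))
    print(audit([("x-xss-protection", "1")]))
    print(audit([("X-XSS-Protection", "0; mode=block")], expect_enabled=False))
```

If the guard has been removed from the SleepSafeMiddleware configuration, `audit` reports that it found zero X-XSS-Protection headers.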