const classafSleepSafe::XssProtectionGuard
sys::Obj afSleepSafe::XssProtectionGuard : afSleepSafe::Guard
Guards against Cross Site Scripting (XSS) by setting an X-XSS-Protection
HTTP response header that tells browsers enable XSS filtering.
X-XSS-Protection: 1; mode=block
Note that browsers usually enable XSS filtering by default, so to disable it use the xssProtectionEnable
config.
See X-XSS-Protection on MDN for details.
IoC Configuration
afIocConfig Key | Value |
---|---|
| Tells the browser to enable / disable XSS filtering. Defaults to |
| How the browser should prevent the attack. Defaults to |
Example:
@Contribute { serviceType=ApplicationDefaults# } Void contributeAppDefaults(Configuration config) { config["afSleepSafe.xssProtectionEnable"] = false config["afSleepSafe.xssProtectionMode"] = null }
To disable, remove this class from the SleepSafeMiddleware
configuration:
@Contribute { serviceType=SleepSafeMiddleware# } Void contributeSleepSafeMiddleware(Configuration config) { config.remove(XssProtectionGuard#) }