yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2026-01-06 04:03:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
strapi/docs/security/xss.md
loicsaintroch d81f2840ea Prepare workflow for testing and publishing
2016-03-29 12:02:06 +02:00

778 B
Executable File
Raw Blame History

title
X-XSS

Cross-site scripting (XSS) is a type of attack in which a malicious agent manages to inject client-side JavaScript into your website, so that it runs in the trusted environment of your users' browsers.

Enables X-XSS-Protection headers to help prevent cross site scripting (XSS) attacks in older IE browsers (IE8).

Configuration

Configuration:

  • Key: xssProtection
  • Environment: development
  • Location: ./config/environments/development/security.json
  • Type: object

Example:

{
  "xssProtection": {
    "enabled": true,
    "mode": "block"
  }
}

Options:

  • enabled (boolean): If the header is enabled or not.
  • mode (string): Mode to set on the header.

Notes:

  • Set to false to disable HTTP Strict Transport Security.