root
/
flask
mirror of https://github.com/pallets/flask.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Remove X-XSS-Protection suggestion

This commit is contained in:
Cameron Dahl 2021-12-30 23:08:49 -06:00 committed by David Lord
parent 981a94df68
commit 08ad8aabfe
No known key found for this signature in database
GPG Key ID: 7A1C87E3F5BC42A8
1 changed files with 0 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/security.rst
View File

@ -173,18 +173,6 @@ invisibly to clicks on your page's elements. This is also known as
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
X-XSS-Protection
~~~~~~~~~~~~~~~~
The browser will try to prevent reflected XSS attacks by not loading the page
if the request contains something that looks like JavaScript and the response
contains the same data. ::
response.headers['X-XSS-Protection'] = '1; mode=block'
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
.. _security-cookie:
Set-Cookie options