Comment 9 for bug 1531987

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/6215
Committed: https://git.mahara.org/mahara/mahara/commit/d45af6dc1626736f6e8f9a2fcc8e45f854ef974c
Submitter: Robert Lyon (<email address hidden>)
Branch: 15.04_STABLE

commit d45af6dc1626736f6e8f9a2fcc8e45f854ef974c
Author: Aaron Wells <email address hidden>
Date: Thu Feb 4 16:33:11 2016 +1300

Adding some HTTP headers for security (Bug 1531987)

X-XSS-Protection: Tells the browser not to disable XSS protection

X-Content-Type-Options: Tells the browser not to try to guess at
mimetypes of downloads

X-Permitted-Cross-Domain-Policies: Tells Flash & PDF not to trust
alternate crossdomain.xml files (which set the permissions on whether
this site allows itself to be accessed by scripts in Flash & PDF).
Prevents an attacker from uploading a more permissive crossdomain.xml

X-Powered-By: PHP by default sends this header with the current full
PHP version.

behatnotneeded: Selenium can't examine HTTP response headers

Change-Id: Ia2a6de971fc62b7d8806ad010aa0fbe37c1a7357
(cherry picked from commit 29656f034ff0eefa19fb6a0c24f006ff3ef9e1f0)
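
A check for the four headers named in the commit message above, working on a raw response head. This is an added example, not part of the commit or of Mahara's code. The accepted values (`1...`, `nosniff`, `none`/`master-only`), the function names and the sample responses are assumptions, since the page does not state the values Mahara sends.

```python
import re

# Constructed sample responses (not captured from a real Mahara site).
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Permitted-Cross-Domain-Policies: master-only\r\n"
    "\r\n"
)
DEFAULT_PHP = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "X-Powered-By: PHP/5.6.17\r\n"  # constructed version string
    "\r\n"
)


def parse_headers(raw):
    """Return {lowercased name: [values]} from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit(raw):
    """List which of the commit's four headers are missing or weak."""
    h = parse_headers(raw)
    findings = []
    # A duplicated header is ambiguous to browsers, so require exactly one.
    xss = h.get("x-xss-protection", [])
    if len(xss) != 1 or not xss[0].startswith("1"):
        findings.append("X-XSS-Protection: filter not explicitly enabled")
    cto = h.get("x-content-type-options", [])
    if [v.lower() for v in cto] != ["nosniff"]:
        findings.append("X-Content-Type-Options: MIME sniffing not disabled")
    pcdp = h.get("x-permitted-cross-domain-policies", [])
    if len(pcdp) != 1 or pcdp[0].lower() not in ("none", "master-only"):
        findings.append("X-Permitted-Cross-Domain-Policies: alternate policy files allowed")
    # Assumed rule: any digit in X-Powered-By counts as version disclosure.
    if any(re.search(r"\d", v) for v in h.get("x-powered-by", [])):
        findings.append("X-Powered-By: discloses a version number")
    return findings
```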