spring-security

History

Daniel Garnier-Moiroux 93250013e4 Make X-Xss-Protection configurable through ServerHttpSecurity OWASP recommends using "X-Xss-Protection: 0". The default is currently "X-Xss-Protection: 1; mode=block". In 6.0, the default will be "0". This commits adds the ability to configure the xssProtection header value in ServerHttpSecurity. This commit deprecates the use of "enabled" and "block" booleans to configure XSS protection, as the state "!enabled + block" is invalid. This impacts HttpSecurity. Issue gh-9631	2022-09-30 09:38:08 -05:00
..
src	Make X-Xss-Protection configurable through ServerHttpSecurity	2022-09-30 09:38:08 -05:00
spring-security-config.gradle	Fix saml2Tests always running after a single test	2022-06-03 11:22:46 -03:00

Daniel Garnier-Moiroux 93250013e4

Make X-Xss-Protection configurable through ServerHttpSecurity

OWASP recommends using "X-Xss-Protection: 0". The default is currently
"X-Xss-Protection: 1; mode=block". In 6.0, the default will be "0".

This commits adds the ability to configure the xssProtection header
value in ServerHttpSecurity.

This commit deprecates the use of "enabled" and "block" booleans to
configure XSS protection, as the state "!enabled + block" is invalid.
This impacts HttpSecurity.

Issue gh-9631

2022-09-30 09:38:08 -05:00

src

Make X-Xss-Protection configurable through ServerHttpSecurity

2022-09-30 09:38:08 -05:00

spring-security-config.gradle

Fix saml2Tests always running after a single test

2022-06-03 11:22:46 -03:00