spring-security/web
Daniel Garnier-Moiroux 93250013e4
Make X-Xss-Protection configurable through ServerHttpSecurity
OWASP recommends using "X-Xss-Protection: 0". The default is currently
"X-Xss-Protection: 1; mode=block". In 6.0, the default will be "0".

This commit adds the ability to configure the xssProtection header
value in ServerHttpSecurity.

This commit deprecates the use of "enabled" and "block" booleans to
configure XSS protection, as the state "!enabled + block" is invalid.
This impacts HttpSecurity.

Issue gh-9631
2022-09-30 09:38:08 -05:00
..
src Make X-Xss-Protection configurable through ServerHttpSecurity 2022-09-30 09:38:08 -05:00
spring-security-web.gradle Remove dependency on commons-codec by using java.util.Base64 2022-06-09 06:50:01 -06:00