Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-30356

Convert the SecurityHeadersInterceptor into a filter that applies to /*

    XMLWordPrintable

Details

    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      The X-XSS-Protection HTTP header should be sent on all responses with a value of "1; mode=block". As the current implementation is done in an interceptor(0) it is possible for some resources to be sent without the X-XSS-Protection header.

      (0) SecurityHeadersInterceptor is in the default interceptor stack.

      Attachments

        Issue Links

          relates to

          Suggestion - CONFCLOUD-30356 Convert the SecurityHeadersInterceptor into a filter that applies to /*

          • Closed

          Activity

            People

              dblack David Black
              dblack David Black
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: