• Resolved joecodes

    (@joecodes)


    I found Chrome was giving an error related to the x-xss-protection header. This can be caused by sending the header twice, which was my case. When I turn off the firewall’s default setting for this header, the problem is resolved with just one header sent. I’m guessing this is caused by nginx sending this header already. Can the firewall detect the header is already set and not set it a second time?

Viewing 1 replies (of 1 total)
  • Plugin Author nintechnet

    (@nintechnet)

    It detects if the header was added, but the problem is that your HTTP server is appending it after NinjaFirewall exits. When dealing with HTTP headers at the HTTP server level (Apache, Nginx, etc.), it’s important to check if the header exists already. It seems your current configuration doesn’t.
    In the future, I think I will disable the X-XSS-Protection by default in NinjaFirewall.

  • The topic ‘XSS Header Sent Twice Error’ is closed to new replies.
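
A check for the condition discussed in this thread, as an added example that is not part of the original posts or of NinjaFirewall's code: it parses a response head (for instance the output of `curl -sI`) and reports single-valued security headers that arrive more than once, whether as separate fields or already folded into one comma-joined value. The header set, function names and sample response are assumptions constructed for illustration.

```python
"""Flag security headers that must appear once but were sent twice."""
from collections import defaultdict

# Headers whose value syntax has no list form (set chosen for this example).
SINGLE_VALUED = {
    "x-xss-protection",
    "x-frame-options",
    "x-content-type-options",
    "strict-transport-security",
}

def parse_header_block(raw):
    """Return {lowercased name: [values]} from a raw HTTP/1.x response head."""
    fields = defaultdict(list)
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:              # skip the status line
        if not line.strip():
            break                       # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip().lower()].append(value.strip())
    return dict(fields)

def find_duplicates(raw):
    """Return {name: [values]} for single-valued headers sent more than once."""
    findings = {}
    for name, values in parse_header_block(raw).items():
        if name not in SINGLE_VALUED:
            continue
        # An intermediary or client may already have folded two fields into
        # "a, b", so split on commas as well as counting field lines.
        # Caveat: a report= URI containing a comma would be over-reported.
        expanded = [p.strip() for v in values for p in v.split(",") if p.strip()]
        if len(expanded) > 1:
            findings[name] = expanded
    return findings

# Constructed sample: application layer and web server both set the header.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "x-xss-protection: 1; mode=block\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for header, seen in find_duplicates(SAMPLE).items():
        print(f"{header} sent {len(seen)} times: {seen}")
```

Running it against each layer separately (the PHP application alone, then through the web server) shows which one adds the second copy.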