Introduce X-XSS-Protection header
Change-Id: I1b85d04743361343a09ca6d32593720a991a9e9f
diff --git a/Changes b/Changes
index f0b921a..c107578 100755
--- a/Changes
+++ b/Changes
@@ -13,6 +13,7 @@
- Send 'nosniff' header.
- defer main script.
- Introduce X-Frame-Options header.
+ - Introduce X-XSS-Protection header.
0.40 2020-12-17
- Modernize ES and fix in-loops.
diff --git a/lib/Kalamar.pm b/lib/Kalamar.pm
index a7c360b..1dbc373 100644
--- a/lib/Kalamar.pm
+++ b/lib/Kalamar.pm
@@ -113,6 +113,7 @@
my $h = shift->res->headers;
$h->header('X-Content-Type-Options' => 'nosniff');
$h->header('X-Frame-Options' => 'sameorigin');
+ $h->header('X-XSS-Protection' => '1; mode=block');
$h->header(
'Access-Control-Allow-Methods' =>
$h->header('Access-Control-Allow-Methods') // 'GET, POST, OPTIONS'
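Review bot: The added `X-XSS-Protection` line sits beside `nosniff` and `X-Frame-Options` with nothing to say it is a legacy control. Only older browsers that ship a reflected-XSS auditor honour it; current Chromium-based browsers and Firefox ignore it, so it adds no protection there. `1; mode=block` is the right value if the header is sent at all, since filtering without blocking rewrites the page. I would add a comment above the line such as `# Legacy: only honoured by old browsers with an XSS auditor; output escaping and CSP are the actual XSS defence.` No Content-Security-Policy header is visible in this hunk, and the enclosing block starts and ends outside it, so please confirm one is set elsewhere.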
diff --git a/t/page.t b/t/page.t
index c9bce7f..9146c0f 100644
--- a/t/page.t
+++ b/t/page.t
@@ -34,6 +34,7 @@
->header_is('X-Content-Type-Options', 'nosniff')
->header_is('Access-Control-Allow-Methods','GET, POST, OPTIONS')
->header_is('X-Frame-Options', 'sameorigin')
+ ->header_is('X-XSS-Protection', '1; mode=block')
;
# Test additions