Loading core/lib/Drupal/Core/EventSubscriber/FinishResponseSubscriber.php +1 −1 Original line number Diff line number Diff line Loading @@ -121,7 +121,7 @@ public function onRespond(ResponseEvent $event) { // Prevent browsers from sniffing a response and picking a MIME type // different from the declared content-type, since that can lead to // XSS and other vulnerabilities. // https://www.owasp.org/index.php/List_of_useful_HTTP_headers // https://owasp.org/www-project-secure-headers $response->headers->set('X-Content-Type-Options', 'nosniff', FALSE); $response->headers->set('X-Frame-Options', 'SAMEORIGIN', FALSE); Loading Loading
core/lib/Drupal/Core/EventSubscriber/FinishResponseSubscriber.php +1 −1 Original line number Diff line number Diff line Loading @@ -121,7 +121,7 @@ public function onRespond(ResponseEvent $event) { // Prevent browsers from sniffing a response and picking a MIME type // different from the declared content-type, since that can lead to // XSS and other vulnerabilities. // https://www.owasp.org/index.php/List_of_useful_HTTP_headers // https://owasp.org/www-project-secure-headers $response->headers->set('X-Content-Type-Options', 'nosniff', FALSE); $response->headers->set('X-Frame-Options', 'SAMEORIGIN', FALSE); Loading
