Properly structure X-XSS-Protection header

author Evan Prodromou <evan@status.net>

Fri, 5 Aug 2011 14:42:18 +0000 (10:42 -0400)

committer Evan Prodromou <evan@status.net>

Fri, 5 Aug 2011 14:42:18 +0000 (10:42 -0400)
author Evan Prodromou <evan@status.net>
Fri, 5 Aug 2011 14:42:18 +0000 (10:42 -0400)
committer Evan Prodromou <evan@status.net>
Fri, 5 Aug 2011 14:42:18 +0000 (10:42 -0400)
diff --git a/lib/htmloutputter.php b/lib/htmloutputter.php

index e358b2be5d57b70207fcf038bba579515a479f28..9a43ef069efaae237df31f7b48931827ec1103ee 100644 (file)
--- a/lib/htmloutputter.php
+++ b/lib/htmloutputter.php
@@ -111,7 +111,7 @@ class HTMLOutputter extends XMLOutputter
         // Output anti-framing headers to prevent clickjacking (respected by newer
          // browsers).
         if (common_config('javascript', 'bustframes')) {
-            header('X-XSS-Protection 1; mode=block'); // detect XSS Reflection attacks
+            header('X-XSS-Protection: 1; mode=block'); // detect XSS Reflection attacks
              header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch
          }
author	Evan Prodromou <evan@status.net>
	Fri, 5 Aug 2011 14:42:18 +0000 (10:42 -0400)
committer	Evan Prodromou <evan@status.net>
	Fri, 5 Aug 2011 14:42:18 +0000 (10:42 -0400)