]> git.mxchange.org Git - quix0rs-gnu-social.git/commitdiff
Properly structure X-XSS-Protection header
authorEvan Prodromou <evan@status.net>
Fri, 5 Aug 2011 14:42:18 +0000 (10:42 -0400)
committerEvan Prodromou <evan@status.net>
Fri, 5 Aug 2011 14:42:18 +0000 (10:42 -0400)
lib/htmloutputter.php

index e358b2be5d57b70207fcf038bba579515a479f28..9a43ef069efaae237df31f7b48931827ec1103ee 100644 (file)
@@ -111,7 +111,7 @@ class HTMLOutputter extends XMLOutputter
        // Output anti-framing headers to prevent clickjacking (respected by newer
         // browsers).
        if (common_config('javascript', 'bustframes')) {
-            header('X-XSS-Protection 1; mode=block'); // detect XSS Reflection attacks
+            header('X-XSS-Protection: 1; mode=block'); // detect XSS Reflection attacks
             header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch
         }