You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The UseXSSProtection() extension method is still available, but simply removed from the default builder. So consumers can still add this to their generated headers by calling the above extension method.
Description
As the Chromium team have announced their plan to deprecate the XSSAuditor in Chrome, along with it having been removed from Edge in October, 2018, the X-XSS-Protection header should be removed from the default builder. However, since legacy browsers still support the header, it should still be possible to add the header via an extension method.
Notes for Implementers
Removing UseXSSProtection() from the BuildDefaultConfiguration extension method will get us part way to fixing this issue.
The text was updated successfully, but these errors were encountered: