
Correcting X-XSS-Protection Header (#136)

* Correcting X-XSS-Protection Header

X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. The best configuration is "X-XSS-Protection: 1; mode=block".

Was "0"
Now "1; mode=block"

* Update issue templates
OhHeyAlan authored and jc21 committed May 8, 2019
1 parent 9e476e5 commit 4fad9d672fe722a62de84815311574333edd1c35
Showing with 57 additions and 1 deletion.
  1. +36 −0 .github/ISSUE_TEMPLATE/
  2. +20 −0 .github/ISSUE_TEMPLATE/
  3. +1 −1 src/backend/app.js
@@ -0,0 +1,36 @@
name: Bug report
about: Create a report to help us improve
title: ''
labels: bug
assignees: ''


- Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image?
- Are you sure you're not using someone else's docker image?
- If having problems with Lets Encrypt, have you made absolutely sure your site is accessible from outside of your network?

**Describe the bug**
- A clear and concise description of what the bug is.
- What version of Nginx Proxy Manager is reported on the login page?

**To Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

**Expected behavior**
A clear and concise description of what you expected to happen.

If applicable, add screenshots to help explain your problem.

**Operating System**
- Please specify if using a Rpi, Mac, orchestration tool or any other setups that might affect the reproduction of this error.

**Additional context**
Add any other context about the problem here, docker version, browser version if applicable to the problem. Too much info is better than too little.
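Review bot: The issue templates added in this hunk and the next are unrelated to the X-XSS-Protection fix named in the commit title, so they would be better in a commit of their own; that keeps the one-line header change in src/backend/app.js easy to find and to revert by itself. Within this template, the line "If applicable, add screenshots to help explain your problem." has no bold heading above it, unlike every other section, and the three opening questions are plain bullets; a **Screenshots** heading and `- [ ]` checkboxes would make the sections consistent and the checklist tickable.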
@@ -0,0 +1,20 @@
name: Feature request
about: Suggest an idea for this project
title: ''
labels: enhancement
assignees: ''


**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

**Describe the solution you'd like**
A clear and concise description of what you want to happen.

**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.

**Additional context**
Add any other context or screenshots about the feature request here.
@@ -48,7 +48,7 @@ app.use(function (req, res, next) {

'Strict-Transport-Security': 'includeSubDomains; max-age=631138519; preload',
'X-XSS-Protection': '0',
'X-XSS-Protection': '1; mode=block',
'X-Content-Type-Options': 'nosniff',
'X-Frame-Options': x_frame_options,
'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
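Review bot: The 'X-XSS-Protection' value changes from '0' to '1; mode=block' with no code comment recording why, and the header set visible in this hunk contains no Content-Security-Policy entry. The commit message itself says the filter is built into "most" browsers, so clients without it gain nothing from this header; a Content-Security-Policy header next to it would restrict script execution independently of the browser filter. Because this object is applied inside app.use to every response, a short comment beside the line stating why block mode was chosen would also help whoever changes it next.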

0 comments on commit 4fad9d6
