feat: set X-XSS-Protection while serving static content (#5412)

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Alexander Matyushentsev 2021-02-04 15:27:31 -08:00 committed by GitHub
parent bef46390ea
commit 8014cf3c03
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -833,6 +833,7 @@ func (server *ArgoCDServer) newStaticAssetsHandler(dir string, baseHRef string)
if server.XFrameOptions != "" {
w.Header().Set("X-Frame-Options", server.XFrameOptions)
}
w.Header().Set("X-XSS-Protection", "1")
// serve index.html for non file requests to support HTML5 History API
if acceptHTML && !fileRequest && (r.Method == "GET" || r.Method == "HEAD") {
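Review bot: The value `"1"` on the added `X-XSS-Protection` line turns on the legacy browser XSS filter in its sanitising mode, without `mode=block`; in that mode the filter rewrites the page, which MDN and the OWASP Secure Headers guidance describe as able to introduce vulnerabilities in otherwise safe pages, and current Chrome, Edge and Firefox ignore the header entirely. If the header is kept for older browsers, `w.Header().Set("X-XSS-Protection", "1; mode=block")` is the safer value; the current OWASP recommendation is `"0"` together with a Content-Security-Policy, which is not set in the visible lines. Unlike `X-Frame-Options` just above, the value is hard-coded, so operators cannot change it; a one-line comment stating why this value was chosen would help. The handler body continues outside the hunk.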