Incorrect http header found
Issue #1096
resolved
Hello Tildeslash,
A curl request to Monit 5.34.0 found an incorrect header and ended with an error message.
curl: (8) Header without colon
I checked processor.c and the header should be modified from
X-XSS-Protection 1; mode=block
to
X-XSS-Protection: 1; mode=block
See processor.c, it occurs two times (I think):
"X-Content-Type-Options: nosniff\r\n"
"X-Frame-Options: SAMEORIGIN\r\n"
"Content-Security-Policy: frame-ancestors 'self'\r\n")
"X-XSS-Protection 1; mode=block\r\n" << colon is missing
"Referrer-Policy: same-origin\r\n"
"Permissions-Policy: geolocation=(),camera=(),microphone=()\r\n"
Have a nice week,
Lutz
p.s.
See also
3e68e79 add XSS protection for older browsers
Comments (6)
-
reporter - changed title to Incorrect http header found
-
reporter - edited description
-
repo owner - changed status to open
-
repo owner - changed status to resolved
fix Issue #1096 (missing colon in header). Thanks to Lutz Mader for report
→ <<cset 0fd56da0acab>>
-
reporter - Thanks for your commit to fix this typo, see 0fd56da.
I will discard my patch now. Have a nice weekend,
Lutz
-
repo owner - backport:
commit 0fd56da0acabcb450c57912d0921af8f001a72e7
Author: tildeslash info@tildeslash.com
Date: Sun Nov 12 07:36:32 2023 +0100
fix Issue #1096 (missing colon in header). Thanks to Lutz Mader for report
→ <<cset 1018fc799f1d>>