- changed title to Incorrect http header found
Incorrect http header found
Issue #1096
resolved
Hello Tildeslash,
a curl request to Monit 5.34.0 find an incorrect header and ended with an error message.
curl: (8) Header without colon
I checked processor.c and the header should modified from
X-XSS-Protection 1; mode=block
to
X-XSS-Protection: 1; mode=block
See processor.c, occurred two time (I think):
"X-Content-Type-Options: nosniff\r\n"
"X-Frame-Options: SAMEORIGIN\r\n"
"Content-Security-Policy: frame-ancestors 'self'\r\n")
"X-XSS-Protection 1; mode=block\r\n" << colon is missed
"Referrer-Policy: same-origin\r\n"
"Permissions-Policy: geolocation=(),camera=(),microphone=()\r\n"
Have a nice week,
Lutz
p.s.
See also
3e68e79 add XSS protection for older browsers
Comments (5)
-
reporter -
reporter - edited description
-
repo owner - changed status to open
-
repo owner - changed status to resolved
fix Issue
#1096(missing colon in header). Thanks to Lutz Mader for report→ <<cset 0fd56da0acab>>
-
reporter Thanks for your commit to fix this typo, see 0fd56da.
I will discard my patch now.Have a nice weekend,
Lutz - Log in to comment