Opened 5 years ago

Closed 5 years ago

#30680 closed Cleanup/optimization (fixed)

Remove security.W007 check.

Reported by: Adam Johnson
Owned by: Adnan Umer
Component: Core (System checks)
Version: dev
Severity: Normal
Keywords:
Cc:
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: yes
UI/UX: no

Description

As discussed in #30426, it seems that the X-Xss-Protection security header is no longer industry best practice, as major browsers are removing their XSS auditors and security professionals no longer recommend it:

As suggested by Ran on #30426, rather than enforce the setting SECURE_BROWSER_XSS_FILTER, we should actually be looking at removing the check security.W007 so users have one less thing to think about for a modern security posture.

Change History (5)

comment:1 by Mariusz Felisiak, 5 years ago

Component: Core (Other) → Core (System checks)
Summary: Remove security.W007 check → Remove security.W007 check.
Triage Stage: Unreviewed → Accepted
Type: Uncategorized → Cleanup/optimization
Version: 2.2 → master

comment:2 by Mariusz Felisiak, 5 years ago

Easy pickings: set

comment:3 by Adnan Umer, 5 years ago

Owner: changed from nobody to Adnan Umer
Status: new → assigned

comment:4 by Adnan Umer, 5 years ago

Has patch: set

comment:5 by Mariusz Felisiak <felisiak.mariusz@…>, 5 years ago

Resolution: fixed
Status: assigned → closed

In c5075360:

Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER setting.
