From 4fad9d672fe722a62de84815311574333edd1c35 Mon Sep 17 00:00:00 2001
From: OhHeyAlan
Date: Tue, 7 May 2019 19:11:05 -0500
Subject: [PATCH] Correcting X-XSS-Protection Header (#136) * Correcting X-XSS-Protection Header X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. The best configuration is "X-XSS-Protection: 1; mode=block". Was "0" Now "1; mode=block" * Update issue templates
---
 .github/ISSUE_TEMPLATE/ | 36 +++++++++++++++++++++++
 .github/ISSUE_TEMPLATE/ | 20 +++++++++++++
 src/backend/app.js | 2 +-
 3 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 .github/ISSUE_TEMPLATE/
 create mode 100644 .github/ISSUE_TEMPLATE/
diff --git a/.github/ISSUE_TEMPLATE/ b/.github/ISSUE_TEMPLATE/
new file mode 100644
index 0000000..9860702
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/
@@ -0,0 +1,36 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Checklist**
+- Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image?
+- Are you sure you're not using someone else's docker image?
+- If having problems with Lets Encrypt, have you made absolutely sure your site is accessible from outside of your network?
+
+**Describe the bug**
+- A clear and concise description of what the bug is.
+- What version of Nginx Proxy Manager is reported on the login page?
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Operating System**
+- Please specify if using a Rpi, Mac, orchestration tool or any other setups that might affect the reproduction of this error.
+
+**Additional context**
+Add any other context about the problem here, docker version, browser version if applicable to the problem. Too much info is better than too little.
diff --git a/.github/ISSUE_TEMPLATE/ b/.github/ISSUE_TEMPLATE/
new file mode 100644
index 0000000..11fc491
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
diff --git a/src/backend/app.js b/src/backend/app.js
index 5980275..3b852cd 100644
--- a/src/backend/app.js
+++ b/src/backend/app.js
@@ -48,7 +48,7 @@ app.use(function (req, res, next) {
 res.set({
 'Strict-Transport-Security': 'includeSubDomains; max-age=631138519; preload',
- 'X-XSS-Protection': '0',
+ 'X-XSS-Protection': '1; mode=block',
 'X-Content-Type-Options': 'nosniff',
 'X-Frame-Options': x_frame_options,
 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
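Review bot: The new value `'1; mode=block'` on the `X-XSS-Protection` line turns the legacy browser XSS filter back on, and the part of this `res.set` call visible in the hunk has no `Content-Security-Policy` entry to do the real work of limiting script injection. Current browsers have removed the XSS auditor, so the header has no effect there, and in the older browsers that still honour it the filter has itself been a source of cross-site information leaks; OWASP's secure-headers guidance is to send `0` and rely on a CSP. I would keep `'X-XSS-Protection': '0',` with a comment above it such as `// Legacy XSS auditor disabled on purpose; script-injection defence comes from Content-Security-Policy`, and define a CSP for the admin UI. The `res.set` object and the enclosing `app.use` callback continue past the hunk, so a CSP may already be set further down, which is worth confirming before merging.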