security - Why this error in dev console of chrome when using x-xss-protection?

Question

Welcome To Ask or Share your Answers For Others

security - Why this error in dev console of chrome when using x-xss-protection?

posted Oct 7, 2021 in Technique[技术] by 深蓝 (71.8m points)

security - Why this error in dev console of chrome when using x-xss-protection?

How to fix this error in console?

Error parsing header X-XSS-Protection: 1; mode=block, 1;
mode=block:expected semicolon at character position 14.
The default protections will be applied.

question from:https://stackoverflow.com/questions/36329776/why-this-error-in-dev-console-of-chrome-when-using-x-xss-protection

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-06T17:20:03+0000

If the error is shown even you send the right header, check if you send the header perhaps twice. This is shown in the error-console below network and you click on any file.

Sending the header twice can happen if for the server

add_header X-XSS-Protection "1; mode=block";

is noted in two different include-files or one include-file is included twice. Browsers or at least chrome is concatenating the two headers then internally and the applied WRONG rule is then, like shown in the question:

X-XSS-Protection: "1; mode=block, 1; mode=block"

Categories

security - Why this error in dev console of chrome when using x-xss-protection?

security - Why this error in dev console of chrome when using x-xss-protection?

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags