Correcting X-XSS-Protection Header (#136)

* Correcting X-XSS-Protection Header X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. The best configuration is "X-XSS-Protection: 1; mode=block". Was "0" Now "1; mode=block" * Update issue templates
2019-05-07 19:11:05 -05:00 · 2019-05-07 19:11:05 -05:00 · 4fad9d672f
commit 4fad9d672f
parent 9e476e5b24
3 changed files with 57 additions and 1 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -0,0 +1,36 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Checklist**
+- Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image?
+- Are you sure you're not using someone else's docker image?
+- If having problems with Lets Encrypt, have you made absolutely sure your site is accessible from outside of your network?
+
+**Describe the bug**
+- A clear and concise description of what the bug is.
+- What version of Nginx Proxy Manager is reported on the login page?
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Operating System**
+- Please specify if using a Rpi, Mac, orchestration tool or any other setups that might affect the reproduction of this error.
+
+**Additional context**
+Add any other context about the problem here, docker version, browser version if applicable to the problem. Too much info is better than too little.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
--- a/src/backend/app.js
+++ b/src/backend/app.js
@ -48,7 +48,7 @@ app.use(function (req, res, next) {

    res.set({
        'Strict-Transport-Security': 'includeSubDomains; max-age=631138519; preload',
-        'X-XSS-Protection':          '0',
+        'X-XSS-Protection':          '1; mode=block',
        'X-Content-Type-Options':    'nosniff',
        'X-Frame-Options':           x_frame_options,
        'Cache-Control':             'no-cache, no-store, max-age=0, must-revalidate',