Thomas P, posted July 10, 2019

Hi IPS admin users and fellows,

I read in several topics that secure headers can affect the editor's behavior. So we have the following to meet "security standards":

X-Frame-Options SAMEORIGIN
X-XSS-Protection 1; mode=block
X-Content-Type-Options nosniff

Which ones do I need to change in order for IPB to function as designed?

Thank you for clarification,
Thomas

bfarber, posted July 10, 2019

Invision Community already sets X-Frame-Options to "sameorigin" if your AdminCP setting to prevent clickjacking isn't disabled.

You should disable the X-XSS-Protection header. We explicitly disable this, because when you are posting HTML content to a forum it is entirely expected that the submitted content is going to be immediately "reflected" or displayed back to the end user upon submit. With certain things, such as certain embeds that may use JavaScript, the X-XSS-Protection may result in the post/viewing of the post not working correctly.
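
A header audit matching the advice in the reply above, as an added example that is not part of the original posts or of Invision Community's code: it flags X-XSS-Protection when the filter is switched on, and flags X-Frame-Options when it is sent more than once, which can happen when the web server adds a header the application already sets. The function names and the sample response are constructed for illustration, and treating an absent header or a value starting with 0 as "disabled" is an assumption.

```python
# Added example. SAMPLE_RESPONSE is constructed for illustration, not captured traffic.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"   # e.g. added by the web server
    "x-frame-options: sameorigin\r\n"   # e.g. added again by the application
    "X-XSS-Protection: 1; mode=block\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
    "<html>...</html>"
)


def parse_headers(raw):
    """Return {lowercased header name: [values]} from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit(raw):
    """Return findings; an empty list means the headers match the thread's advice."""
    h = parse_headers(raw)
    findings = []
    xfo = [v.lower() for v in h.get("x-frame-options", [])]
    if not xfo:
        findings.append("X-Frame-Options: missing")
    elif len(xfo) > 1:
        findings.append("X-Frame-Options: sent %d times, set it in one place only" % len(xfo))
    if any(v != "sameorigin" for v in xfo):
        findings.append("X-Frame-Options: value other than sameorigin")
    # Assumption: "disabled" means the header is absent or its value starts with 0.
    if any(v.startswith("1") for v in h.get("x-xss-protection", [])):
        findings.append("X-XSS-Protection: filter enabled, thread advice is to disable it")
    if [v.lower() for v in h.get("x-content-type-options", [])] != ["nosniff"]:
        findings.append("X-Content-Type-Options: expected a single nosniff")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE):
        print(finding)
```
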

Thomas P (author), posted July 11, 2019

Thanks for your clarification and explanation 👍

We changed the setting accordingly.

Archived
This topic is now archived and is closed to further replies.