Posted July 10, 2019

Hi IPS admin users and fellows,

I read in several topics that secure headers can affect the editor's behavior. So we have the following to meet "security standards":

X-Frame-Options SAMEORIGIN
X-XSS-Protection 1; mode=block
X-Content-Type-Options nosniff

Which ones do I need to change in order for IPB to function as designed?

Thank you for clarification,
Thomas
July 10, 2019

Invision Community already sets X-Frame-Options to "sameorigin" if your AdminCP setting to prevent clickjacking isn't disabled.

You should disable the X-XSS-Protection header. We explicitly disable this, because when you are posting HTML content to a forum it is entirely expected that the submitted content is going to be immediately "reflected" or displayed back to the end user upon submit. With certain things, such as certain embeds that may use JavaScript, the X-XSS-Protection may result in the post/viewing of the post not working correctly.
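
Added example, not part of the original thread and not Invision Community code: a small Python check that reads a raw response header block and reports the two conditions the reply above covers, an X-XSS-Protection filter that is still switched on and X-Frame-Options being sent more than once (web server plus application). The function names and both sample responses are constructed for illustration, and the "after" sample assumes the disable is sent as the value `0`.

```python
# Added example: audit a raw response header block against the advice above.
# Sample responses below are constructed, not captured from a real site.

def parse_headers(raw):
    """Return {lowercased-name: [values...]}, keeping repeated headers."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:    # skip the status line
        if not line.strip():
            break                                 # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return a list of findings for the headers discussed in this thread."""
    h = parse_headers(raw)
    findings = []
    for value in h.get("x-xss-protection", []):
        # "0" switches the legacy XSS filter off; any other value leaves it on.
        if value.split(";")[0].strip() != "0":
            findings.append(f"X-XSS-Protection is enabled ({value!r})")
    xfo = h.get("x-frame-options", [])
    if len(xfo) > 1:
        # Typical when the web server adds the header the application already sets.
        findings.append(f"X-Frame-Options sent {len(xfo)} times: {xfo}")
    return findings

# Constructed: server-level headers stacked on top of the application's own.
BEFORE = """HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
x-frame-options: sameorigin
Content-Type: text/html
"""

# Constructed: server-level X-Frame-Options and X-XSS-Protection removed.
AFTER = """HTTP/1.1 200 OK
X-Frame-Options: sameorigin
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Type: text/html
"""

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw) or "no findings")
```
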
July 11, 2019 (Author)

Thanks for your clarification and explanation 👍 We changed the setting accordingly.
This topic is now archived and is closed to further replies.