Changes between Version 1 and Version 2 of Ticket #12964, comment 9
- Timestamp:
- Apr 27, 2018, 2:39:59 AM (6 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #12964, comment 9
v1 v2 3 3 4 4 I had overlooked. I can think of a few ways to handle: 5 * `_outheaders` could be an `OrderedDict`, so that the `'X-XSS-Protection'` key is replaced when `end_headers` is called, rather than appending a conflicting key. 5 6 * We could search the tuple and remove conflicting key from configurable headers. 6 * `_outheaders` could be an `OrderedDict`, so that the `'X-XSS-Protection'` key is replaced when `end_headers` is called, rather than appending a conflicting key.7 7 * We could only append `'X-XSS-Protection', 0` only if it's not conflicting. However, that would cause the #12926 issue to be seen for some user-configurable headers. 8 8