Edgewall Software

Changes between Version 1 and Version 2 of Ticket #12964, comment 9


Ignore:
Timestamp:
Apr 27, 2018, 2:39:59 AM (4 years ago)
Author:
Ryan J Ollos

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #12964, comment 9

    v1 v2  
    33
    44I had overlooked. I can think of a few ways to handle:
     5* `_outheaders` could be an `OrderedDict`, so that the `'X-XSS-Protection'` key is replaced when `end_headers` is called, rather than appending a conflicting key.
    56* We could search the tuple and remove conflicting key from configurable headers.
    6 * `_outheaders` could be an `OrderedDict`, so that the `'X-XSS-Protection'` key is replaced when `end_headers` is called, rather than appending a conflicting key.
    77* We could only append `'X-XSS-Protection', 0` only if it's not conflicting. However, that would cause the #12926 issue to be seen for some user-configurable headers.
    88