Closed Bug 1345238 Opened 7 years ago Closed 7 years ago

CSP: Please avoid using deprecated X-* headers.

Categories

(bugzilla.mozilla.org :: General, enhancement)

Product:
bugzilla.mozilla.org
Component:
General
Version:
Production
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: dylan, Assigned: seban)

Details

Attachments

(1 file)

pull request
44 bytes, text/x-github-pull-request
dylan
: review+
Details | Review 
"Note: It is known that having both Content-Security-Policy and X-Content-Security-Policy or X-Webkit-CSP causes unexpected behaviours on certain versions of browsers. Please avoid using deprecated X-* headers."

https://content-security-policy.com/

We send all three. Should we fix this?
Flags: needinfo?(april)
There's no reason to use anything but just Content-Security-Policy at this point.
Flags: needinfo?(april)
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee: nobody → sebastinssanty
Attached file pull request 

        Attachment #8845642 -
        Flags: review+

    
    

    
  
To git@github.com:mozilla-bteam/bmo.git
   a312a33e3..f25ef8dde  master -> master
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED

    
    

    
  
This is now live.
Status: RESOLVED → VERIFIED

    
    

    
  
(In reply to April King [:April] from comment #1)
> There's no reason to use anything but just Content-Security-Policy at this
> point.

I've filed:
https://github.com/mozilla/http-observatory/issues/223

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: