Mailu generating two x-xss-protection headers

Created on 23 Sep 2019  ·  6 Comments  ·  Source: Mailu/Mailu

A relatively out of the box configuration generates multiple x-xss headers:

x-xss-protection: 1; mode=block
x-xss-protection: 1; mode=block

I've checked to make sure this isn't cloudflare adding them by going directly to the server IP.

This is likely because both PHP and Nginx are setting this header.



All 6 comments

This is rather surprising, I would think nginx was overwriting things. Will check if this has any impact and if it can be mitigated easily.

I can confirm the behavior (rainloop webmail).
@kaiyou Is it possible to hide the "x-powered-by" header at the same time?

I have the same issue, running mailu 1.7 with rainloop as the webmail interface. I thought that nginx would strip/overwrite these headers?

Hi There,

The Mailu-Project is currently in a bit of a bind! We are short on man-power, and we need to judge if it is possible for us to put in some work on this issue.

To help with that, we are currently trying to find out which issues are actively keeping users from using Mailu, which issues have someone who wants to work on them — and which issues may be less important. These less important ones could be discarded for the time being, until the project is in a more stable and regular state once again.

In order for us to better assess this, it would be helpful if you could put a reaction on this post (use the :smiley: icon to the top-right).

  • 👍️ if you need this to be able to use Mailu. Ideally, you’d also be able to test this on your installation, and provide feedback …
  • 🎉 if you find it a nice bonus, but no deal-breaker
  • 🚀 if you want to work on it yourself!

We want to keep this voting open for 2 weeks from now, so please help out!

This should be good to do and issue closed :+1:

Closing since fixed by PR #1181. Thank you for creating the PR and reporting the issue.
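
A check that can be run over captured response headers to catch the duplication reported in this thread, along with the x-powered-by header a commenter asked about. This is an added example, not code from Mailu or PR #1181; the header lists and the sample response are assumptions constructed for illustration.

```python
import io
from http.client import parse_headers

# Assumed list for this example: headers a response should carry only once.
SINGLE_VALUED = ("x-xss-protection", "x-frame-options",
                 "x-content-type-options", "strict-transport-security")
# Headers that disclose the backend stack (the thread mentions x-powered-by).
DISCLOSING = ("x-powered-by",)


def audit_headers(raw: bytes) -> dict:
    """Classify repeated single-valued headers and list disclosing ones."""
    fp = io.BytesIO(raw)
    fp.readline()                      # skip the status line
    msg = parse_headers(fp)            # keeps every occurrence of a header
    report = {"identical": {}, "conflicting": {}, "disclosing": {}}
    for name in SINGLE_VALUED:
        values = [v.strip() for v in (msg.get_all(name) or [])]
        if len(values) < 2:
            continue
        # Compare case- and whitespace-insensitively: the same value sent
        # twice is reported separately from two different values.
        distinct = {"".join(v.lower().split()) for v in values}
        bucket = "identical" if len(distinct) == 1 else "conflicting"
        report[bucket][name] = values
    for name in DISCLOSING:
        values = msg.get_all(name)
        if values:
            report["disclosing"][name] = [v.strip() for v in values]
    return report


# Constructed sample response (not captured from a real Mailu instance).
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"X-Powered-By: PHP/0.0.0\r\n"          # placeholder version
    b"X-XSS-Protection: 1; mode=block\r\n"  # set by one layer
    b"X-XSS-Protection: 1; mode=block\r\n"  # set again by the other
    b"X-Frame-Options: SAMEORIGIN\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for kind, found in audit_headers(SAMPLE).items():
        for header, values in found.items():
            print(f"{kind}: {header} -> {values}")
```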
