2 Replies Latest reply on Mar 7, 2014 3:06 AM by ztenerowicz

    Is Jive 7 avoids XSS attacks?


      Hi All,

      I am trying to migrate our tool from 4.5.5 version to 7.0 version.

      In 4.5.5 version i have developed a security filter which sets X-FRAME-OPTIONS, X-XSS-PROTECTION response headers .

      But when i'm getting my tool migrated to 7.0 i observed that all 7.0 version requests consists of response whose X-FRAME-OPTIONS header is already coming set.

      So do i need to take care of X-XSS-PROECTION header also in the response in 7.0 or is it already been handled.

      If it is not required then i can skip uploading this plugin jar in jive 7.0 instance.


      Please let me know your comments on this.