fix valid xss values in types and documentation
automatensalat authored and cjihrig committed Mar 9, 2023
1 parent 89f2d44 commit c6d881f
Showing 2 changed files with 7 additions and 7 deletions.
4 changes: 2 additions & 2 deletions API.md
@@ -3364,8 +3364,8 @@ following options:

- `xss` - controls the 'X-XSS-Protection' header, where:

- `'disable'` - the header will be set to `'0'`. This is the default value.
- `'enable'` - the header will be set to `'1; mode=block'`.
- `'disabled'` - the header will be set to `'0'`. This is the default value.
- `'enabled'` - the header will be set to `'1; mode=block'`.
- `false` - the header will be omitted.

Note: when enabled, this setting can create a security vulnerabilities in versions of Internet Explorer
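Review bot: The note under the changed bullets still reads "can create a security vulnerabilities", and it says "when enabled" in a generic sense right after the bullets introduce `'enabled'` as a literal value. Since this hunk is correcting the documented values, fix the grammar to "can create security vulnerabilities" and word the note as "when set to `'enabled'`", so it is clear the caveat applies to the value that emits `1; mode=block`.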
10 changes: 5 additions & 5 deletions lib/types/route.d.ts
@@ -494,8 +494,8 @@ export type ReferrerPolicy = '' | 'no-referrer' | 'no-referrer-when-downgrade' |
* * * * source - when rule is 'allow-from' this is used to form the rest of the header, otherwise this field is ignored. If rule is 'allow-from' but source is unset, the rule will be automatically
* changed to 'sameorigin'.
* * xss - controls the 'X-XSS-Protection' header, where:
* * * 'disable' - the header will be set to '0'. This is the default value.
* * * 'enable' - the header will be set to '1; mode=block'.
* * * 'disabled' - the header will be set to '0'. This is the default value.
* * * 'enabled' - the header will be set to '1; mode=block'.
* * * false - the header will be omitted
* * noOpen - boolean controlling the 'X-Download-Options' header for Internet Explorer, preventing downloads from executing in your context. Defaults to true setting the header to 'noopen'.
* * noSniff - boolean controlling the 'X-Content-Type-Options' header. Defaults to true setting the header to its only and default option, 'nosniff'.
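Review bot: The `xss` bullets in this summary comment duplicate the list that the property comment on `xss?:` and API.md also carry, so the same spelling has to be corrected in three places in this commit. Consider keeping the value list on the property only and having this summary refer to it, which leaves a single copy to keep in step with the accepted values. Minor: `false - the header will be omitted` lacks the trailing period the two bullets above it have.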
@@ -535,11 +535,11 @@ export interface RouteOptionsSecureObject {
} | undefined;
/**
* controls the 'X-XSS-Protection' header, where:
* * 'disable' - the header will be set to '0'. This is the default value.
* * 'enable' - the header will be set to '1; mode=block'.
* * 'disabled' - the header will be set to '0'. This is the default value.
* * 'enabled' - the header will be set to '1; mode=block'.
* * false - the header will be omitted
*/
xss?: 'disable' | 'enable' | false | undefined;
xss?: 'disabled' | 'enabled' | false | undefined;
/**
* boolean controlling the 'X-Download-Options' header for Internet Explorer, preventing downloads from executing in your context. Defaults to true setting the header to 'noopen'.
*/
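Review bot: On the `xss?:` line, narrowing the union from `'disable' | 'enable'` to `'disabled' | 'enabled'` turns TypeScript callers that followed the old typings into compile errors, so it deserves a line in the release notes. The commit changes only API.md and lib/types/route.d.ts, so nothing here exercises the typings; a type-level test that assigns `'disabled'`, `'enabled'` and `false` to `xss` and expects `'enable'` to be rejected would keep the declaration from diverging again.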
