ggomaeng/react-native-facebook-ui

Finding on 2018-05-21 04:26:03

Open

#3 opened on Jul 31, 2018

View on GitHub
 (0 comments) (0 reactions) (0 assignees)JavaScript (609 stars) (82 forks)batch import
bughelp wanted

Description

  • Name: Web Browser XSS Protection Not Enabled
  • ID: a4ff8bf70b1215eda9c0ae050dbec6e8
  • Affected Hosts: ['https://kolyaak.github.io/']
  • Description: Web Browser XSS Protection is not enabled, or is disabled by the configuration of the 'X-XSS-Protection' HTTP response header on the web server
  • First seen: 2018-05-21 04:26:03
  • Recommendation: Ensure that the web browser's XSS filter is enabled, by setting the X-XSS-Protection HTTP response header to '1'.

Contributor guide

Tech stack
javascriptreact
Domain
security
Issue type
security
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
1
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
under 1 hour
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
unclear
Prerequisites
basic understanding of HTTP security headers
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
70
Research direction
Investigate if the repository has a web server component (e.g., for a demo or documentation) that serves the affected host. If such a server exists, locate its configuration (e.g., Express middleware, Nginx config) and add the 'X XSS Protection: 1' header. If no server is present, the issue may be invalid and should be closed.