#How to change X-XSS-Protection header using Fastify Helmet

1 messages · Page 1 of 1 (latest)

magic mountain May 6, 2023, 5:34 PM

How to change X-XSS-Protection header to 1? Supposedly, xxsFilter is supposed to set this value to 1 when true, but it doesn't

My Code:

  // Helmet - Protection
  await app.register(fastifyHelmet, {
    contentSecurityPolicy: {
      directives: {
        defaultSrc: ["'self'"],
        scriptSrc: ["'self'", "'unsafe-inline'"],
        styleSrc: ["'self'", "'unsafe-inline'"],
        connectSrc: ["'self'"],
        imageSrc: ["'self'"],
      },
    },
    xssFilter: true,
  });

Because I know that I can set it manually, but since Fastify Helmet sets the headers, I should rather be able to set it during configuration during initialization