I run the latest Jenkins standalone, as below.

java -jar jenkins.war

We used a self-signed SSL certificate. When we access the Jenkins console and observe the HTTP response headers, we see critical HTTP headers missing, for example X-XSS-Protection.

We do not use or plan to use any web proxy, but would like to access the Jenkins URL directly: https://localhost:9043

I already read this article but it does not seem to have any solution: https://issues.jenkins-ci.org/browse/JENKINS-24548

Can you please suggest how I can add, say, X-XSS-Protection to my Jenkins?

1 Answer

I would not name X-XSS-Protection critical. I would name it pretend-you-do-something.

Having said that, there's a plugin: https://plugins.jenkins.io/extended-security-settings/

In the article you will also read:

For more complex header rewrite rules, using a reverse proxy such as Apache with mod_headers is a more complete solution.

Answered 2020-07-01T11:01:36.550
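
The reverse-proxy route quoted in the answer, sketched as an Apache virtual host with mod_headers in front of the Jenkins instance from the question. This is an added example, not part of the original question or answer; the server name, the front-end port and all certificate paths are placeholders, and the header value "1; mode=block" is an assumed choice.

```apache
# Constructed example: hostname, port 443 and file paths are placeholders.
# Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers.
<VirtualHost *:443>
    ServerName jenkins.example.test

    # TLS towards the browser (placeholder certificate paths).
    SSLEngine on
    SSLCertificateFile    /path/to/frontend-cert.pem
    SSLCertificateKeyFile /path/to/frontend-key.pem

    # TLS towards Jenkins on https://localhost:9043. Trust the self-signed
    # certificate explicitly instead of switching verification off.
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /path/to/jenkins-selfsigned.pem

    # Forward everything to the standalone Jenkins from the question.
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode
    ProxyPass        / https://localhost:9043/ nocanon
    ProxyPassReverse / https://localhost:9043/
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"

    # The header asked about. "always" also covers error responses.
    Header always set X-XSS-Protection "1; mode=block"
</VirtualHost>
```

Clients that reach port 9043 directly bypass the proxy and never see the added header, so this only helps when Jenkins accepts connections from the proxy host alone.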