[ANNOUNCE] ngx_xss v0.02: fixed a bug to prevent responses from gzipping
agentzh
agentzh at gmail.com
Tue Jun 22 13:46:15 MSD 2010
Hi, all~
I'm glad to announce the v0.02 release of the ngx_xss module:
http://github.com/agentzh/xss-nginx-module/tarball/v0.02
This module provides native cross-site scripting (XSS) support in
nginx, and cross-site GET via JSONP in particular. Please visit the
project homepage for more details:
http://github.com/agentzh/xss-nginx-module
This release fixes a nasty bug in Content-Type header handling. The
previous version does not clear r->headers_out.content_type_lowcase
which sadly prevents responses from being compressed by the
ngx_http_gzip_filter_module if configured.
Thanks my teammate kindy++ for catching it in our production environment :P
Cheers,
-agentzh
More information about the nginx-devel
mailing list