Prevent ERR_BLOCKED_BY_XSS_AUDITOR in Chrome

I have the following setup:

GET /foo - Displays a form with a text area containing markup that is posted to /bar

POST /bar - generates an ERR_BLOCKED_BY_XSS_AUDITOR error in Chrome (recently launched)

How can I get around this? I read that I have to use the X-XSS-Protection: 0 header to get around this, but should I send it as a request header or response header? On URL /foo or /bar alone?

1 answer

You must send it as a response header on the server side. For example, in Node.js with Express:

 res.header('X-XSS-Protection', 0);

Or in PHP:

 header("X-XSS-Protection: 0");
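On the "/foo or /bar" part of the question: the error is raised on the response to POST /bar, so that is the response that needs the header. The sketch below is an added example, not code from the original post; it uses only Node's built-in http module, and the field name "markup" and the helper names respond and serve are assumptions.

```javascript
// Added example: scope "X-XSS-Protection: 0" to the one response that
// triggers the auditor (POST /bar). Route names come from the question;
// the form field name "markup" and the helper names are assumptions.

const FORM = '<form method="post" action="/bar">' +
  '<textarea name="markup"></textarea><button>Send</button></form>';

// Pure routing function: returns { status, headers, body }.
function respond(method, path, rawBody) {
  const headers = { 'Content-Type': 'text/html; charset=utf-8' };
  if (method === 'GET' && path === '/foo') {
    // The form page reflects nothing from the request, so it keeps
    // the browser's default auditor behaviour (no header sent).
    return { status: 200, headers, body: FORM };
  }
  if (method === 'POST' && path === '/bar') {
    // This is the response the browser blocks, so the opt-out goes here.
    headers['X-XSS-Protection'] = '0';
    const markup = new URLSearchParams(rawBody || '').get('markup') || '';
    // Placeholder body: the application's own handling of the markup goes here.
    return { status: 200, headers, body: `Received ${markup.length} characters` };
  }
  return { status: 404, headers, body: 'Not found' };
}

// Wire respond() to Node's built-in HTTP server; call serve(8080) to try it.
function serve(port) {
  const http = require('http');
  return http.createServer((req, res) => {
    let raw = '';
    req.on('data', (chunk) => { raw += chunk; });
    req.on('end', () => {
      const path = req.url.split('?')[0];
      const out = respond(req.method, path, raw);
      res.writeHead(out.status, out.headers);
      res.end(out.body);
    });
  }).listen(port);
}
```

Every other route keeps the browser's default behaviour, because the header is set only inside the POST /bar branch.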

Source: https://habr.com/ru/post/1266868/