Solved

webconfig question

Posted on 2014-10-22
6
116 Views
Last Modified: 2014-11-09
Hi

What is the role of <clear/> in below code snipped and will it have any effect on functionality of <add name="X-XSS-Protection" value="1"/>


<httpProtocol>
      <customHeaders>
        <clear/>
        <add name="X-Frame-Options" value="DENY"/>
        <add name="X-XSS-Protection" value="1"/>
      </customHeaders>
    </httpProtocol>

Open in new window



Thanks
meetDinesh
0
Comment
Question by:Dinesh Kumar
  • 4
  • 2
6 Comments
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 40396579
It removes all previously declared options.

Reference link:  http://msdn.microsoft.com/en-us/library/aa903345(v=vs.71).aspx

Dan
0
 

Author Comment

by:Dinesh Kumar
ID: 40396613
1. in my case, I see that I  am having <customHeaders> only once, do <clear/>
 solve any purpose or can I safely remove it?

2. If I remove it I want to ensure that, the following should not affect in any way:

 <add name="X-XSS-Protection" value="1"/>
0
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 40396627
In your example config, clear would remove any previously declared (and inherited) keys from your application.  Only the defined keys after the clear will be used.

If you remove it, any upstream (parent) configuration will be included in your app.  But declaring this in your web.config should override anything that inherited.

Dan
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 26

Expert Comment

by:Dan McFadden
ID: 40396632
You can also read thru the article.  Maybe it will make it clearer for you:

http://stackoverflow.com/questions/7626440/web-config-clear

Dan
0
 

Author Comment

by:Dinesh Kumar
ID: 40396697
in my case, it will override  <customHeaders>
defined in machine config?

as I see there is one tag only in  web.config <customHeaders>
0
 
LVL 26

Accepted Solution

by:
Dan McFadden earned 500 total points
ID: 40396723
A clear will remove the customHeaders config section from the web app that uses the configuration above in its web.config.

Then only your X-Frame-Options and X-XSS-Protection items will be used.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Entity Framework is a powerful tool to help you interact with the DataBase but still doesn't help much when we have a Stored Procedure that returns more than one resultset. The solution takes some of out-of-the-box thinking; read on!
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now