asked on

webconfig question

Hi

What is the role of <clear/> in below code snipped and will it have any effect on functionality of <add name="X-XSS-Protection" value="1"/>

<httpProtocol>
      <customHeaders>
        <clear/>
        <add name="X-Frame-Options" value="DENY"/>
        <add name="X-XSS-Protection" value="1"/>
      </customHeaders>
    </httpProtocol>

Open in new window

Thanks
meetDinesh

Dan McFadden

It removes all previously declared options.

Reference link: http://msdn.microsoft.com/en-us/library/aa903345(v=vs.71).aspx

Dan

Dinesh Kumar

ASKER

1. in my case, I see that I am having <customHeaders> only once, do <clear/>
solve any purpose or can I safely remove it?

2. If I remove it I want to ensure that, the following should not affect in any way:

<add name="X-XSS-Protection" value="1"/>

Dan McFadden

In your example config, clear would remove any previously declared (and inherited) keys from your application. Only the defined keys after the clear will be used.

If you remove it, any upstream (parent) configuration will be included in your app. But declaring this in your web.config should override anything that inherited.

Dan

Dan McFadden

You can also read thru the article. Maybe it will make it clearer for you:

http://stackoverflow.com/questions/7626440/web-config-clear

Dan

Dinesh Kumar

ASKER

in my case, it will override <customHeaders>
defined in machine config?

as I see there is one tag only in web.config <customHeaders>

ASKER CERTIFIED SOLUTION

Dan McFadden

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial