- 🇬🇧United Kingdom mcdruid 🇬🇧🇪🇺
I don't understand how the tests would not catch this?
I don't think the patch is the appropriate fix, although I'm not quite sure how we ended up passing defaults to
$config->get()
.. I suppose this is a hangover from a D7 port ofvariable_get()
perhaps?The existing code is definitely wrong, but let's pursue the fix in 🐛 No values in X-XSS-Protection Header select box Fixed .
As such, I'm going to close this as a duplicate (I'll try to carry credit across).