mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-22 04:25:06 +01:00
disable legacy XSS filtering (#17289)
Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.
This commit is contained in:
parent
dd63923c0a
commit
244726e2e8
@ -118,7 +118,7 @@ Rails.application.configure do
|
|||||||
'Server' => 'Mastodon',
|
'Server' => 'Mastodon',
|
||||||
'X-Frame-Options' => 'DENY',
|
'X-Frame-Options' => 'DENY',
|
||||||
'X-Content-Type-Options' => 'nosniff',
|
'X-Content-Type-Options' => 'nosniff',
|
||||||
'X-XSS-Protection' => '1; mode=block',
|
'X-XSS-Protection' => '0',
|
||||||
'Permissions-Policy' => 'interest-cohort=()',
|
'Permissions-Policy' => 'interest-cohort=()',
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user