gearheads
/
mastodon
Archived
2
0
Fork 0
Code Releases 4 Activity

disable legacy XSS filtering (#17289) 

Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.
gh/stable
Wonderfall 2022-01-24 13:14:26 +01:00 committed by GitHub
parent dd63923c0a
commit 244726e2e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/environments/production.rb
View File

@ -118,7 +118,7 @@ Rails.application.configure do
'Server' => 'Mastodon', 'Server' => 'Mastodon',
'X-Frame-Options' => 'DENY', 'X-Frame-Options' => 'DENY',
'X-Content-Type-Options' => 'nosniff', 'X-Content-Type-Options' => 'nosniff',
'X-XSS-Protection' => '1; mode=block', 'X-XSS-Protection' => '0',
'Permissions-Policy' => 'interest-cohort=()', 'Permissions-Policy' => 'interest-cohort=()',
} }