author | Wonderfall <wonderfall@protonmail.com> | 2022-01-24 13:14:26 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-24 13:14:26 +0100 |
commit | 244726e2e8682454cec6e49712e622fe87c5244f (patch) | |
tree | 4442c781e01372a6a477f91959967d4f671694cb /config/environments | |
parent | dd63923c0ae3601de76dee5bcf3a83f875584326 (diff) |
disable legacy XSS filtering (#17289)
Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.
Diffstat (limited to 'config/environments')
-rw-r--r-- | config/environments/production.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 7e58c2b1c..7fe381040 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -118,7 +118,7 @@ Rails.application.configure do
 'Server' => 'Mastodon',
 'X-Frame-Options' => 'DENY',
 'X-Content-Type-Options' => 'nosniff',
- 'X-XSS-Protection' => '1; mode=block',
+ 'X-XSS-Protection' => '0',
 'Permissions-Policy' => 'interest-cohort=()',
 } |
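Review bot: The new `'X-XSS-Protection' => '0'` entry has no comment saying the filter is switched off on purpose, and a value of `0` on a security header is the kind of line a later hardening pass tends to "restore" to `1; mode=block`. I would add a comment above it, e.g. `# Deliberately '0': the legacy XSS auditor (still honoured by Safari and IE) can itself be abused to leak data or suppress scripts; CSP is the XSS defence.` No Content-Security-Policy appears in the visible header hash, so it is presumably set elsewhere; it is worth confirming that it is enforced in production, since after this change it is the only browser-side XSS mitigation left. The hash and the enclosing `Rails.application.configure do` block both start outside the hunk.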