disable legacy XSS filtering (#17289)

Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.
This commit is contained in:
Wonderfall 2022-01-24 13:14:26 +01:00 committed by Claire
parent bf005edd30
commit a06dda41d0

View file

@ -118,7 +118,7 @@ Rails.application.configure do
'Server' => 'Mastodon',
'X-Frame-Options' => 'DENY',
'X-Content-Type-Options' => 'nosniff',
'X-XSS-Protection' => '1; mode=block',
'X-XSS-Protection' => '0',
'Permissions-Policy' => 'interest-cohort=()',
}