chinwag/chinwagsocial
2
0
Fork 0
Code Issues Pull requests Releases 2 Wiki Activity

disable legacy XSS filtering (#17289)

Browse source 
Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.
This commit is contained in:
Wonderfall 2022-01-24 13:14:26 +01:00 committed by Claire
parent d7adbf5a63
commit b99c58b6fe
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config/environments/production.rb
View file

@ -108,7 +108,7 @@ Rails.application.configure do
'Server' => 'Mastodon', 'Server' => 'Mastodon',
'X-Frame-Options' => 'DENY', 'X-Frame-Options' => 'DENY',
'X-Content-Type-Options' => 'nosniff', 'X-Content-Type-Options' => 'nosniff',
'X-XSS-Protection' => '1; mode=block', 'X-XSS-Protection' => '0',
} }
config.x.otp_secret = ENV.fetch('OTP_SECRET') config.x.otp_secret = ENV.fetch('OTP_SECRET')