paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-04 14:03:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

nginx: Remove legacy X-XSS-Protection header.

Browse Source 
Support for this header was removed in Chrome 78, Safari 15.4, and
Edge 17.  It was never supported in Firefox.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is contained in:
Anders Kaseorg
2022-06-27 15:19:27 -07:00
committed by Tim Abbott
parent 869fe60689
commit ef3510fa6d
2 changed files with 0 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
puppet/zulip/files/nginx/zulip-include-common/headers
View File

@@ -5,4 +5,3 @@ add_header Strict-Transport-Security max-age=15768000 always;
add_header X-Frame-Options DENY always; add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

1
tools/ci/success-http-headers.template.txt
View File

@@ -7,7 +7,6 @@ content-language: en
strict-transport-security: max-age=15768000 strict-transport-security: max-age=15768000
x-frame-options: DENY x-frame-options: DENY
x-content-type-options: nosniff x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: * access-control-allow-origin: *
access-control-allow-headers: Authorization access-control-allow-headers: Authorization
access-control-allow-methods: GET, POST, DELETE, PUT, PATCH, HEAD access-control-allow-methods: GET, POST, DELETE, PUT, PATCH, HEAD