mirror of
https://github.com/jellyfin/jellyfin.org.git
synced 2024-11-26 23:50:44 +00:00
remove X-XSS-Protection (#1151)
Some checks failed
build / Build (push) Has been cancelled
lint / Lint TypeScript/JavaScript (push) Has been cancelled
lint / Lint Markdown (push) Has been cancelled
test / Test URLs (test:blog-urls) (push) Has been cancelled
test / Test URLs (test:docs-urls) (push) Has been cancelled
test / Test URLs (test:web-urls) (push) Has been cancelled
build / Deploy to GitHub Pages (push) Has been cancelled
build / Deploy to Cloudflare Pages (push) Has been cancelled
Why is this line not removed, when it is dangerous and obsolete? According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection, we should remove it.
This commit is contained in:
parent 0528023c7f
commit 41089bfb08
@ -58,7 +58,6 @@ server {
|
||||
# Security / XSS Mitigation Headers
|
||||
# NOTE: X-Frame-Options may cause issues with the webOS app
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header X-XSS-Protection "0"; # Do NOT enable. This is obsolete/dangerous
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
|
||||
# Permissions policy. May cause issues with some clients
|
||||
|
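Review bot: The line this hunk drops (58,7 to 58,6, matching the commit title) is `add_header X-XSS-Protection "0";`, and the value "0" is the setting that explicitly turns the legacy XSS filter off, so the inline comment "Do NOT enable. This is obsolete/dangerous" reads as a warning against switching the filter on, not against sending this header. With the header gone, older browsers that still implement the filter fall back to their own default, which is enabled, so the removal reintroduces the behaviour the comment warns about for those clients. Consider keeping the line and rewording the comment to say that "0" disables the obsolete filter on purpose, or, if the header is removed anyway, state in the commit message that legacy clients are out of scope. If the line stays removed, the `# Security / XSS Mitigation Headers` heading above it no longer covers an XSS-specific header and could be renamed.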