mirror of https://github.com/tootsuite/mastodon
disable legacy XSS filtering (#17289)
Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.stable-3.3
parent
d7adbf5a63
commit
b99c58b6fe
|
@ -108,7 +108,7 @@ Rails.application.configure do
|
||||||
'Server' => 'Mastodon',
|
'Server' => 'Mastodon',
|
||||||
'X-Frame-Options' => 'DENY',
|
'X-Frame-Options' => 'DENY',
|
||||||
'X-Content-Type-Options' => 'nosniff',
|
'X-Content-Type-Options' => 'nosniff',
|
||||||
'X-XSS-Protection' => '1; mode=block',
|
'X-XSS-Protection' => '0',
|
||||||
}
|
}
|
||||||
|
|
||||||
config.x.otp_secret = ENV.fetch('OTP_SECRET')
|
config.x.otp_secret = ENV.fetch('OTP_SECRET')
|
||||||
|
|
Loading…
Reference in New Issue