From: Wonderfall <wonderfall@protonmail.com>
Date: Mon, 24 Jan 2022 12:14:26 +0000 (+0100)
Subject: disable legacy XSS filtering (#17289)
X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=244726e2e8682454cec6e49712e622fe87c5244f;p=mastodon.git

disable legacy XSS filtering (#17289)

Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.
---

diff --git a/config/environments/production.rb b/config/environments/production.rb
index 7e58c2b1c..7fe381040 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -118,7 +118,7 @@ Rails.application.configure do
     'Server'                 => 'Mastodon',
     'X-Frame-Options'        => 'DENY',
     'X-Content-Type-Options' => 'nosniff',
-    'X-XSS-Protection'       => '1; mode=block',
+    'X-XSS-Protection'       => '0',
     'Permissions-Policy'     => 'interest-cohort=()',
   }