Removed Microsoft X-XSS-Protection header, as it is not recommended on modern browsers anymore and is considered deprecated

Jan Böhmer 2025-09-19 09:18:32 +02:00
parent 1a0fab0615
commit bb49c67108

@ -20,12 +20,6 @@ nelmio_security:
- 'digikey.com' - 'digikey.com'
- 'nexar.com' - 'nexar.com'
# forces Microsoft's XSS-Protection with
# its block mode
xss_protection:
enabled: true
mode_block: true
# Send a full URL in the `Referer` header when performing a same-origin request, # Send a full URL in the `Referer` header when performing a same-origin request,
# only send the origin of the document to secure destination (HTTPS->HTTPS), # only send the origin of the document to secure destination (HTTPS->HTTPS),
# and send no header to a less secure destination (HTTPS->HTTP). # and send no header to a less secure destination (HTTPS->HTTP).