mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2024-12-26 23:25:56 -05:00
disable legacy X-XSS-Protection feature
Obsolete in every modern browser, unsafe, and replaced by CSP
This commit is contained in:
parent
8d06d9c111
commit
27d4b713f6
@ -32,7 +32,8 @@ impl Fairing for AppHeaders {
|
||||
res.set_raw_header("Referrer-Policy", "same-origin");
|
||||
res.set_raw_header("X-Frame-Options", "SAMEORIGIN");
|
||||
res.set_raw_header("X-Content-Type-Options", "nosniff");
|
||||
res.set_raw_header("X-XSS-Protection", "1; mode=block");
|
||||
// Obsolete in modern browsers, unsafe (XS-Leak), and largely replaced by CSP
|
||||
res.set_raw_header("X-XSS-Protection", "0");
|
||||
let csp = format!(
|
||||
// Chrome Web Store: https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb
|
||||
// Edge Add-ons: https://microsoftedge.microsoft.com/addons/detail/bitwarden-free-password/jbkfoedolllekgbhcbcoahefnbanhhlh?hl=en-US
|
||||
|
Loading…
Reference in New Issue
Block a user