Unverified Commit 47a02936 authored by dish's avatar dish
Browse files

nixos/pixelfed: remove X-XSS-Protection header 

not recommended to set it, per OWASP, as it can actually introduce
security issues

https://owasp.org/www-project-secure-headers/#x-xss-protection
parent 30ca6c36

nixos/modules/services/web-apps/pixelfed.nix

+0 −1
Original line number Diff line number Diff line
@@ -524,7 +524,6 @@ in 
          '';

          extraConfig = ''

            add_header X-Frame-Options "SAMEORIGIN";

            add_header X-XSS-Protection "1; mode=block";

            add_header X-Content-Type-Options "nosniff";

            index index.html index.htm index.php;

            error_page 404 /index.php;