Merge pull request 'Drop XSS auditor' (#292) from r3g_5z/akkoma:drop-xss-auditor into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/292
This commit is contained in:
floatingghost 2022-11-20 04:00:25 +00:00
commit 6453297e9c
5 changed files with 5 additions and 5 deletions

View file

@ -23,7 +23,7 @@ This sets the `secure` flag on Akkomas session cookie. This makes sure, that
This will send additional HTTP security headers to the clients, including: This will send additional HTTP security headers to the clients, including:
* `X-XSS-Protection: "1; mode=block"` * `X-XSS-Protection: "0"`
* `X-Permitted-Cross-Domain-Policies: "none"` * `X-Permitted-Cross-Domain-Policies: "none"`
* `X-Frame-Options: "DENY"` * `X-Frame-Options: "DENY"`
* `X-Content-Type-Options: "nosniff"` * `X-Content-Type-Options: "nosniff"`

View file

@ -155,7 +155,7 @@ server {
location / { location / {
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "0";
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options DENY; add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;

View file

@ -99,7 +99,7 @@ server {
location / { location / {
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "0";
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options DENY; add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;

View file

@ -160,7 +160,7 @@ http protocol plerup { # Protocol for upstream akkoma server
match request header append "X-Forwarded-For" value "$REMOTE_ADDR" # This two header and the next one are not strictly required by akkoma but adding them won't hurt match request header append "X-Forwarded-For" value "$REMOTE_ADDR" # This two header and the next one are not strictly required by akkoma but adding them won't hurt
match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT" match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
match response header append "X-XSS-Protection" value "1; mode=block" match response header append "X-XSS-Protection" value "0"
match response header append "X-Permitted-Cross-Domain-Policies" value "none" match response header append "X-Permitted-Cross-Domain-Policies" value "none"
match response header append "X-Frame-Options" value "DENY" match response header append "X-Frame-Options" value "DENY"
match response header append "X-Content-Type-Options" value "nosniff" match response header append "X-Content-Type-Options" value "nosniff"

View file

@ -42,7 +42,7 @@ def headers do
custom_http_frontend_headers = custom_http_frontend_headers() custom_http_frontend_headers = custom_http_frontend_headers()
headers = [ headers = [
{"x-xss-protection", "1; mode=block"}, {"x-xss-protection", "0"},
{"x-permitted-cross-domain-policies", "none"}, {"x-permitted-cross-domain-policies", "none"},
{"x-frame-options", "DENY"}, {"x-frame-options", "DENY"},
{"x-content-type-options", "nosniff"}, {"x-content-type-options", "nosniff"},