Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

remove X-XSS-Protection header #5330

Merged
merged 3 commits into from
Oct 25, 2021
Merged

remove X-XSS-Protection header #5330

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
0af8ac1
remove X-XSS header, resolves #5328
Oct 23, 2021
ee7e070
remove X-XSS header, resolves #5328
Oct 23, 2021
cdb5b4b
Merge branch 'remove-x_xss_header' of github.com:manuel-sommer/django…
Oct 23, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 0 additions & 5 deletions dojo/settings/settings.dist.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,6 @@
DD_SESSION_EXPIRE_AT_BROWSER_CLOSE=(bool, False),
DD_SESSION_COOKIE_AGE=(int, 1209600), # 14 days
DD_CSRF_COOKIE_SECURE=(bool, False),
DD_SECURE_BROWSER_XSS_FILTER=(bool, True),
DD_SECURE_CONTENT_TYPE_NOSNIFF=(bool, True),
DD_TIME_ZONE=(str, 'UTC'),
DD_LANG=(str, 'en-us'),
Expand Down Expand Up @@ -544,10 +543,6 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
# (except for those URLs matching a regular expression listed in SECURE_REDIRECT_EXEMPT).
SECURE_SSL_REDIRECT = env('DD_SECURE_SSL_REDIRECT')

# If True, the SecurityMiddleware sets the X-XSS-Protection: 1;
# mode=block header on all responses that do not already have it.
SECURE_BROWSER_XSS_FILTER = env('DD_SECURE_BROWSER_XSS_FILTER')

# If True, the SecurityMiddleware sets the X-Content-Type-Options: nosniff;
SECURE_CONTENT_TYPE_NOSNIFF = env('DD_SECURE_CONTENT_TYPE_NOSNIFF')

Expand Down
3 changes: 0 additions & 3 deletions dojo/settings/template-env
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,9 +43,6 @@ DD_WHITENOISE=True
# Whether to use a secure cookie for the CSRF cookie.
# DD_CSRF_COOKIE_SECURE=False

# If True, the SecurityMiddleware sets the X-XSS-Protection: 1;
# DD_SECURE_BROWSER_XSS_FILTER=True

# If True, the SecurityMiddleware sets the X-Content-Type-Options: nosniff;
# DD_SECURE_CONTENT_TYPE_NOSNIFF=True

Expand Down