From 7611471834f85524171c98920963bf75db006d9f Mon Sep 17 00:00:00 2001
From: Wonderfall <wonderfall@protonmail.com>
Date: Fri, 4 Feb 2022 20:56:04 +0100
Subject: [PATCH] disable legacy X-XSS-Protection

Obsolete, unsafe, and superseded by CSP
---
 rootfs/etc/nginx/conf.d/default.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rootfs/etc/nginx/conf.d/default.conf b/rootfs/etc/nginx/conf.d/default.conf
index 0ce67f8..f5c6608 100644
--- a/rootfs/etc/nginx/conf.d/default.conf
+++ b/rootfs/etc/nginx/conf.d/default.conf
@@ -22,7 +22,7 @@ server {
         add_header X-Frame-Options "SAMEORIGIN" always;
         add_header X-Permitted-Cross-Domain-Policies "none" always;
         add_header X-Robots-Tag "none" always;
-        add_header X-XSS-Protection "1; mode=block" always;
+        add_header X-XSS-Protection "0" always;
 
         location = /robots.txt {
             allow all;
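Review bot: The new `add_header X-XSS-Protection "0" always;` line carries no comment saying the value is deliberate, and header scanners and older hardening guides still flag "0" as a weakness, so a later maintainer may well revert it to "1; mode=block". I would add a line above it such as `# Deliberately "0": the legacy browser XSS auditor is obsolete and unsafe; XSS defence relies on CSP.` The commit message leans on CSP, but no Content-Security-Policy header is visible among the add_header lines in this hunk; it may be set by the application or elsewhere in the file, which is worth confirming before relying on it. The server block starts and ends outside the hunk.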