http/response: get rid of the X-XSS-Protection header

It's useless at best, dangerous at worst, and shouldn't be used anymore anywhere. See the following resources for details: - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection - https://chromestatus.com/feature/5021976655560704 - https://bugzilla.mozilla.org/show_bug.cgi?id=528661 - https://blogs.windows.com/windows-insider/2018/07/25/announcing-windows-10-insider-preview-build-17723-and-build-18204/
author: jvoisin <julien.voisin@dustri.org> 2024-03-24 21:15:10 +0100
committer: Frédéric Guillot <f@miniflux.net> 2024-03-24 13:45:38 -0700
commit: 93c9d43497fed161c428933602f8112fce43733b (patch)
tree: 65febf75ba4a54343973e95ea6b9cf4471fb014c /internal/http/response/builder_test.go
parent: e3b3c40c287c4496c6df48f00e930d4f3d544506 (diff)
download: v2-93c9d43497fed161c428933602f8112fce43733b.tar.gz
v2-93c9d43497fed161c428933602f8112fce43733b.tar.zst
v2-93c9d43497fed161c428933602f8112fce43733b.zip
1 files changed, 0 insertions, 1 deletions
diff --git a/internal/http/response/builder_test.go b/internal/http/response/builder_test.go
index 7b4d73ef..ccc29c8c 100644
--- a/internal/http/response/builder_test.go
+++ b/internal/http/response/builder_test.go
@@ -28,7 +28,6 @@ func TestResponseHasCommonHeaders(t *testing.T) {
 	resp := w.Result()
 
 	headers := map[string]string{
-		"X-XSS-Protection":       "1; mode=block",
 		"X-Content-Type-Options": "nosniff",
 		"X-Frame-Options":        "DENY",
 	}
author	jvoisin <julien.voisin@dustri.org>	2024-03-24 21:15:10 +0100
committer	Frédéric Guillot <f@miniflux.net>	2024-03-24 13:45:38 -0700
commit	93c9d43497fed161c428933602f8112fce43733b (patch)
tree	65febf75ba4a54343973e95ea6b9cf4471fb014c /internal/http/response/builder_test.go
parent	e3b3c40c287c4496c6df48f00e930d4f3d544506 (diff)
download	v2-93c9d43497fed161c428933602f8112fce43733b.tar.gz v2-93c9d43497fed161c428933602f8112fce43733b.tar.zst v2-93c9d43497fed161c428933602f8112fce43733b.zip