From 4a30624fe8cba07603fcaacef833d7dee9ecf31e Mon Sep 17 00:00:00 2001
From: David Christofas <dchristofas@owncloud.com>
Date: Thu, 30 Sep 2021 13:40:21 +0200
Subject: [PATCH] remove deprecated X-XSS-Protection header

Only legacy browsers are still supporting this header. See
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection#browser_compatibility.
---
 ocis-pkg/middleware/header.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ocis-pkg/middleware/header.go b/ocis-pkg/middleware/header.go
index 0087d84f5d..f8b12a7fed 100644
--- a/ocis-pkg/middleware/header.go
+++ b/ocis-pkg/middleware/header.go
@@ -38,7 +38,6 @@ func Secure(next http.Handler) http.Handler {
 		w.Header().Set("Access-Control-Allow-Origin", "*")
 		w.Header().Set("X-Frame-Options", "DENY")
 		w.Header().Set("X-Content-Type-Options", "nosniff")
-		w.Header().Set("X-XSS-Protection", "1; mode=block")
 
 		if r.TLS != nil {
 			w.Header().Set("Strict-Transport-Security", "max-age=31536000")