Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.

author: Tim Graham <timograham@gmail.com> 2021-04-23 08:59:35 -0400
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2021-04-30 12:32:52 +0200
commit: 54da6e2ac20bde80e0de9e35aa0c40ae1dd13943 (patch)
tree: 2c89d734b430d7f32381680601e8ef805b2c73fa /django/middleware/security.py
parent: 8bcb00858e0ddec79cc96669c238d29c30d7effb (diff)
1 files changed, 0 insertions, 4 deletions
diff --git a/django/middleware/security.py b/django/middleware/security.py
index b9c5da9db5..d2c2bf2d3f 100644
--- a/django/middleware/security.py
+++ b/django/middleware/security.py
@@ -12,7 +12,6 @@ class SecurityMiddleware(MiddlewareMixin):
         self.sts_include_subdomains = settings.SECURE_HSTS_INCLUDE_SUBDOMAINS
         self.sts_preload = settings.SECURE_HSTS_PRELOAD
         self.content_type_nosniff = settings.SECURE_CONTENT_TYPE_NOSNIFF
-        self.xss_filter = settings.SECURE_BROWSER_XSS_FILTER
         self.redirect = settings.SECURE_SSL_REDIRECT
         self.redirect_host = settings.SECURE_SSL_HOST
         self.redirect_exempt = [re.compile(r) for r in settings.SECURE_REDIRECT_EXEMPT]
@@ -42,9 +41,6 @@ class SecurityMiddleware(MiddlewareMixin):
         if self.content_type_nosniff:
             response.headers.setdefault('X-Content-Type-Options', 'nosniff')
 
-        if self.xss_filter:
-            response.headers.setdefault('X-XSS-Protection', '1; mode=block')
-
         if self.referrer_policy:
             # Support a comma-separated string or iterable of values to allow
             # fallback.
author	Tim Graham <timograham@gmail.com>	2021-04-23 08:59:35 -0400
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2021-04-30 12:32:52 +0200
commit	54da6e2ac20bde80e0de9e35aa0c40ae1dd13943 (patch)
tree	2c89d734b430d7f32381680601e8ef805b2c73fa /django/middleware/security.py
parent	8bcb00858e0ddec79cc96669c238d29c30d7effb (diff)