Update headers

2019-11-01 16:53:28 -05:00
parent c26fee9fcf
commit 6c69e2c9ce
1 changed files with 6 additions and 4 deletions
--- a/config/application.rb
+++ b/config/application.rb
@@ -29,10 +29,12 @@ module StandardNotes
    # }

    SecureHeaders::Configuration.default do |config|
-      config.x_frame_options = "SAMEORIGIN"
-      config.x_content_type_options = "nosniff"
-      config.x_xss_protection = "1; mode=block"
-      config.hsts = "max-age=#{1.week.to_i}"
+      # Handled by server
+      config.x_frame_options = SecureHeaders::OPT_OUT
+      config.x_content_type_options = SecureHeaders::OPT_OUT
+      config.x_xss_protection = SecureHeaders::OPT_OUT
+      config.hsts = SecureHeaders::OPT_OUT
+      
      config.csp = {
        # "meta" values. these will shape the header, but the values are not included in the header.
         preserve_schemes: true, # default: false. Schemes are removed from host sources to save bytes and discourage mixed content.