AkkomaGang/akkoma
AkkomaGang/akkoma
15
65
Fork 92
Code Issues 177 Pull requests 24 Projects 2 Releases 14 Packages Wiki Activity

Drop XSS auditor #292

Merged
floatingghost merged 1 commit from :drop-xss-auditor into develop 2022-11-20 04:00:26 +00:00
Conversation 6 Commits 1 Files changed 5 +5 -5
Ghost commented 2022-11-20 01:43:33 +00:00
First-time contributor
Copy link

It's deprecated, removed in some, by all modern browsers and is known
to create XSS vulnerabilities in itself.

Signed-off-by: r3g_5z june@terezi.dev

It's deprecated, removed in some, by all modern browsers and is known to create XSS vulnerabilities in itself. Signed-off-by: r3g_5z <june@terezi.dev>
Ghost added 1 commit 2022-11-20 01:43:34 +00:00
Drop XSS auditor
All checks were successful
ci/woodpecker/pr/woodpecker Pipeline was successful
Details
f90552f62e 
It's deprecated, removed in some, by all modern browsers and is known
to create XSS vulnerabilities in itself.

Signed-off-by: r3g_5z <june@terezi.dev>
Ghost commented 2022-11-20 01:53:59 +00:00
Author
First-time contributor
Copy link

No breakage observed as I use this on my instance already by rewriting the headers with zero problems.

No breakage observed as I use this on my instance already by rewriting the headers with zero problems.
floatingghost commented 2022-11-20 03:21:55 +00:00
Owner
Copy link

honestly given that the headers were for like ie8 you could probably remove them entirely

honestly given that the headers were for like ie8 you could probably remove them entirely
Ghost commented 2022-11-20 03:32:34 +00:00
Author
First-time contributor
Copy link

@floatingghost I do agree, though to be on the safe side for any non-standard browsers, it's best to explicitly tell the browser to disable it. Some may still do XSS auditing if not specified.

@floatingghost I do agree, though to be on the safe side for any non-standard browsers, it's best to explicitly tell the browser to disable it. Some may still do XSS auditing if not specified.
Ghost commented 2022-11-20 03:35:05 +00:00
Author
First-time contributor
Copy link

Some current headers in Akkoma (from Pleroma) may be good to drop in general

Some current headers in Akkoma (from Pleroma) may be good to drop in general
floatingghost commented 2022-11-20 04:00:18 +00:00
Owner
Copy link

in that case, this seems fine to me, thanks!

in that case, this seems fine to me, thanks!
floatingghost merged commit 6453297e9c into develop 2022-11-20 04:00:25 +00:00
floatingghost deleted branch drop-xss-auditor 2022-11-20 04:00:26 +00:00
Ghost commented 2022-11-20 04:05:22 +00:00
Author
First-time contributor
Copy link

I'll submit a PR for some header improvements

I'll submit a PR for some header improvements
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
approved, awaiting change

   
bug

Something is not working

  
configuration

This requires config changes

  
documentation

This is about human-readable docs

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
extremely low priority

   
feature request

Something new?

  
Fix it yourself

Support has been attempted

  
help wanted

Need some help

  
invalid

Something is wrong

  
mastodon_api

   
needs docs

   
needs tests

   
not a bug

   
planned

   
pleroma_api

   
privacy

   
question

More information is needed

  
static_fe

   
triage

   
wontfix

This won't be fixed

No labels
approved, awaiting change
bug
configuration
documentation
duplicate
enhancement
extremely low priority
feature request
Fix it yourself
help wanted
invalid
mastodon_api
needs docs
needs tests
not a bug
planned
pleroma_api
privacy
question
static_fe
triage
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: AkkomaGang/akkoma#292
No description provided.
Delete branch ":drop-xss-auditor"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?