From e0d52031d3bf7d1ad5884ccf944fbbf23aadbf9a Mon Sep 17 00:00:00 2001
From: Greg Bowler <greg.bowler@g105b.com>
Date: Thu, 25 Jul 2019 20:11:57 +0100
Subject: [PATCH] Remove security headers - too strict for #323

---
 src/Lifecycle.php | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/src/Lifecycle.php b/src/Lifecycle.php
index 328c8b15..a3dc8a15 100644
--- a/src/Lifecycle.php
+++ b/src/Lifecycle.php
@@ -56,8 +56,6 @@ public function start():void {
 			])
 		);
 
-		$this->defaultSecurityHeaders($config->get("security.default_headers"));
-
 		$input = new Input($_GET, $_POST, $_FILES);
 		$cookie = new CookieHandler($_COOKIE);
 
@@ -125,18 +123,6 @@ public function start():void {
 		$this->finish($response);
 	}
 
-	/**
-	 * Set some sensible security headers by default. These can be
-	 * overridden/disabled in the project's config.ini, but it makes sense
-	 * to supply them by default in order to protect user applications
-	 * without the explicit need for security configuration.
-	 */
-	public function defaultSecurityHeaders(string $headersString) {
-		foreach(explode(";", $headersString) as $header) {
-			header(trim($header));
-		}
-	}
-
 	/**
 	 * By default, PHP passes all sensitive user information around in global variables,
 	 * available for reading and modification in any code, including third party libraries.