fix: explicity set X-XSS-Protection to 0 in koa middleware per <helme…

…tjs/helmet#230>
forwardemail · Apr 7, 2023 · e0fb7fc · e0fb7fc
1 parent adf0c86
commit e0fb7fc
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/config/web.js b/config/web.js
@@ -187,6 +187,12 @@ module.exports = (redis) => ({
       app.context.client,
       app.context.logger
     );
+    app.use((ctx, next) => {
+      // since we're on an older helmet version due to koa-helmet
+      // <https://github.com/helmetjs/helmet/issues/230>
+      ctx.set('X-XSS-Protection', '0');
+      return next();
+    });
   },
   hookBeforePassport(app) {
     app.use(async (ctx, next) => {