Merge pull request #1629 from metabase/disable_key_pins_header

disable the key-pins-header until we decide how we want users to inpu…
metabase · Dec 3, 2015 · b2f5b24 · b2f5b24
2 parents cb8ff23 + 4efe151
commit b2f5b24
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/metabase/middleware.clj b/src/metabase/middleware.clj
@@ -172,13 +172,14 @@
 (defn- api-security-headers [] ; don't need to include all the nonsense we include with index.html
   (merge (cache-prevention-headers)
          strict-transport-security-header
-         (public-key-pins-header)))
+         ;(public-key-pins-header)
+         ))
 
 (defn- index-page-security-headers []
   (merge (cache-prevention-headers)
          strict-transport-security-header
          content-security-policy-header
-         (public-key-pins-header)
+         ;(public-key-pins-header)
          {"X-Frame-Options"                   "DENY"          ; Tell browsers not to render our site as an iframe (prevent clickjacking)
           "X-XSS-Protection"                  "1; mode=block" ; Tell browser to block suspected XSS attacks
           "X-Permitted-Cross-Domain-Policies" "none"          ; Prevent Flash / PDF files from including content from site.