remove xss protection no modern browser supports this header

crazyguitar · crazyguitar · commit f68fd03521b6 · 2023-12-19T09:35:44.000-08:00
Signed-off-by: Chang-Ning Tsai &lt;changnit@amazon.com&gt;
diff --git a/app_test.py b/app_test.py
@@ -44,7 +44,6 @@ def check_security_headers(self, resp):
         """Check security headers."""
         headers = resp.headers
         self.assertTrue("Content-Security-Policy" in headers)
-        self.assertTrue("X-XSS-Protection" in headers)
         self.assertTrue("X-Content-Type-Options" in headers)
         self.assertTrue("Content-Security-Policy" in headers)
         self.assertTrue("Feature-Policy" in headers)
diff --git a/requirements.txt b/requirements.txt
@@ -5,7 +5,7 @@ Flask==2.3.3
 Flask-SSLify==0.1.5
 Flask-Testing==0.8.1
 Flask-SeaSurf==1.1.1
-flask-talisman==1.0.0
+flask-talisman==1.1.0
 gunicorn==21.2.0
 pycodestyle==2.11.1
 pydocstyle==6.3.0
