Remove the X-XSS code and fix test

ONSdigital · Jan 13, 2025 · e5ee9eb · e5ee9eb
1 parent 565a843
commit e5ee9eb
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 2 deletions.
diff --git a/app/setup.py b/app/setup.py
@@ -284,7 +284,6 @@ def setup_secure_headers(application):
         strict_transport_security=True,
         strict_transport_security_max_age=31536000,
         frame_options="DENY",
-        x_xss_protection=True,
     )
 
 

diff --git a/tests/integration/test_app_create.py b/tests/integration/test_app_create.py
@@ -116,8 +116,8 @@ def test_enforces_secure_headers(self):
                 headers["Strict-Transport-Security"],
             )
             self.assertEqual("DENY", headers["X-Frame-Options"])
-            self.assertEqual("1; mode=block", headers["X-Xss-Protection"])
             self.assertEqual("nosniff", headers["X-Content-Type-Options"])
+            self.assertNotIn("X-XSS-Protection", headers)
 
     def test_csp_policy_headers(self):
         cdn_url = "https://cdn.test.domain"