feat: Removed obsolete security header

Igor Hrcek · Igor Hrcek · commit 776f66f96752 · 2022-04-05T13:23:36.000+02:00
diff --git a/README.md b/README.md
@@ -23,7 +23,7 @@ wp secure flush
 ```
 
 ### Add Security Headers
-Adds the HSTS, Referrer-Policy, X-Content-Type-Options, X-Frame-Options and X-XSS-Protection
+Adds the HSTS, Referrer-Policy, X-Content-Type-Options and X-Frame-Options
 
 You can choose to add all above or only one or more by using `--headers` argument.
 
diff --git a/src/SubCommands/AddSecurityHeaders.php b/src/SubCommands/AddSecurityHeaders.php
@@ -14,8 +14,7 @@ public function getTemplateVars() : array {
             'Strict-Transport-Security' => '"max-age=63072000; includeSubDomains; preload"',
             'Referrer-Policy' => 'strict-origin-when-cross-origin',
             'X-Content-Type-Options' => 'nosniff',
-            'X-Frame-Options' => 'SAMEORIGIN',
-            'X-XSS-Protection' => '"1; mode=block"'
+            'X-Frame-Options' => 'SAMEORIGIN'
         ];
 
         $headers = $this->commandArguments['headers'] ?? array_keys($default_headers);
diff --git a/tests/Feature/AddSecurityHeadersTest.php b/tests/Feature/AddSecurityHeadersTest.php
@@ -25,7 +25,6 @@ public function testItWillContainAllHeadersOnNginx() : void {
         $this->assertNotEmpty($response->getHeaderLine( 'Referrer-Policy' ));
         $this->assertNotEmpty($response->getHeaderLine( 'x-content-type-options' ));
         $this->assertNotEmpty($response->getHeaderLine( 'X-Frame-Options' ));
-        $this->assertNotEmpty($response->getHeaderLine( 'X-XSS-Protection' ));
     }
 
     public function testItWillContainAllHeadersOnApache() : void {
@@ -35,6 +34,5 @@ public function testItWillContainAllHeadersOnApache() : void {
         $this->assertNotEmpty($response->getHeaderLine( 'Referrer-Policy' ));
         $this->assertNotEmpty($response->getHeaderLine( 'x-content-type-options' ));
         $this->assertNotEmpty($response->getHeaderLine( 'X-Frame-Options' ));
-        $this->assertNotEmpty($response->getHeaderLine( 'X-XSS-Protection' ));
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,6 @@ public function testItWillContainAllHeadersOnNginx() : void {`
`25`	`25`	`$this->assertNotEmpty($response->getHeaderLine( 'Referrer-Policy' ));`
`26`	`26`	`$this->assertNotEmpty($response->getHeaderLine( 'x-content-type-options' ));`
`27`	`27`	`$this->assertNotEmpty($response->getHeaderLine( 'X-Frame-Options' ));`
`28`		`- $this->assertNotEmpty($response->getHeaderLine( 'X-XSS-Protection' ));`
`29`	`28`	`}`
`30`	`29`
`31`	`30`	`public function testItWillContainAllHeadersOnApache() : void {`
`@@ -35,6 +34,5 @@ public function testItWillContainAllHeadersOnApache() : void {`
`35`	`34`	`$this->assertNotEmpty($response->getHeaderLine( 'Referrer-Policy' ));`
`36`	`35`	`$this->assertNotEmpty($response->getHeaderLine( 'x-content-type-options' ));`
`37`	`36`	`$this->assertNotEmpty($response->getHeaderLine( 'X-Frame-Options' ));`
`38`		`- $this->assertNotEmpty($response->getHeaderLine( 'X-XSS-Protection' ));`
`39`	`37`	`}`
`40`	`38`	`}`