From 0da7ca2e4dac7c55cd4622633e9ca8e0a3af5fad Mon Sep 17 00:00:00 2001
From: Matt Pass
Date: Sun, 8 Dec 2013 13:17:43 +0000
Subject: [PATCH] Change of security related headers & comment out The X-CSP was stopping Firefox from working, complained about a CSP in Emmet Changed the security items, then found none were needed, so commented out
---
 lib/settings.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/settings.php b/lib/settings.php
index a2cb607..317ccef 100644
--- lib/settings.php
+++ lib/settings.php
@@ -15,9 +15,9 @@ $context = stream_context_create(array('http'=>
 )
 ));
-// Set a policy of allowing scripts on the same domain
-// header("X-XSS-Protection: 0"); // Turn off XSS filter
-header("X-Content-Security-Policy: allow 'self'");
+// Set our security related headers, none activated
+// header("frame-options: SAMEORIGIN");
+// header("XSS-Protection: 1; mode=block");
 // Start a session if we haven't already
 if(!isset($_SESSION)) {@session_start();}
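Review bot: The two commented-out headers on the new side are spelled `frame-options` and `XSS-Protection`, which are not names browsers act on, so uncommenting them later would give no protection; the recognised names are `X-Frame-Options` and `X-XSS-Protection`. With the `X-Content-Security-Policy` line removed and nothing activated in its place, this part of the file no longer sends any framing or script policy. I would keep at least `header("X-Frame-Options: SAMEORIGIN");` active, since a framing restriction should not affect the Emmet problem described in the commit message. The removed header used the old Firefox-specific `allow 'self'` syntax, so a standard `Content-Security-Policy` header relaxed only as far as Emmet needs is probably a better fix than dropping the policy, though what Emmet requires is not visible in this hunk.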