From 50d2dadea244a15d90c163ab8d7dcd7ef223e904 Mon Sep 17 00:00:00 2001
From: Matt Pass <matt@mattpass.com>
Date: Thu, 26 Sep 2013 18:15:22 +0100
Subject: [PATCH] Added note for disabling XSS filter method

---
 lib/settings.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/settings.php b/lib/settings.php
index 364aa44..a2cb607 100644
--- a/lib/settings.php
+++ b/lib/settings.php
@@ -16,7 +16,7 @@ $context = stream_context_create(array('http'=>
 ));
 
 // Set a policy of allowing scripts on the same domain
-//header("X-XSS-Protection: 0");
+// header("X-XSS-Protection: 0"); // Turn off XSS filter
 header("X-Content-Security-Policy: allow 'self'");
 
 // Start a session if we haven't already