From d6326ce0bfcbd96afdd86533c8c3ac89b321c316 Mon Sep 17 00:00:00 2001
From: Kerstin Humm <kerstin@erictapen.name>
Date: Tue, 9 Sep 2025 14:26:02 +0200
Subject: [PATCH] nixos/canaille: remove HTTP header X-XSS-Protection

Addresses https://github.com/NixOS/nixpkgs/issues/438800

(cherry picked from commit 301e5cca9cd670aacfca1c9df0babfd6c37e1bf9)
---
 nixos/modules/services/security/canaille.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/nixos/modules/services/security/canaille.nix b/nixos/modules/services/security/canaille.nix
index fd11ac58df53..6858ad0e4a94 100644
--- a/nixos/modules/services/security/canaille.nix
+++ b/nixos/modules/services/security/canaille.nix
@@ -349,7 +349,6 @@ in
 
         add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
         add_header X-Frame-Options                      "SAMEORIGIN"    always;
-        add_header X-XSS-Protection                     "1; mode=block" always;
         add_header X-Content-Type-Options               "nosniff"       always;
         add_header Referrer-Policy                      "same-origin"   always;
       '';