From aebb00db65cf4cb33d42ec48c1b76401095c69f1 Mon Sep 17 00:00:00 2001
From: titanism <101466223+titanism@users.noreply.github.com>
Date: Thu, 4 Jan 2024 04:37:02 -0600
Subject: [PATCH] fix: remove X-XSS-Protection header from helmet

---
 index.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/index.js b/index.js
index 48a3f04..b1998da 100644
--- a/index.js
+++ b/index.js
@@ -259,6 +259,12 @@ class Web {
 // (needs to come before i18n so HSTS header gets added)
 if (this.config.helmet) app.use(helmet(this.config.helmet));

+ // remove X-XSS-Protection header from Helmet
+ app.use((ctx, next) => {
+ ctx.remove('X-XSS-Protection');
+ return next();
+ });
+
 // i18n
 if (this.config.i18n) {
 // create new @ladjs/i18n instance
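Review bot: The added middleware strips `X-XSS-Protection` on every response even when `this.config.helmet` is falsy, and its comment does not record why the header is unwanted. If the `helmet` wrapper used here forwards Helmet's own options (not visible in this hunk), disabling the header at the source is tighter than removing it afterwards: `if (this.config.helmet) app.use(helmet({ ...this.config.helmet, xssFilter: false }));`. Recent Helmet releases send `X-XSS-Protection: 0`, which explicitly switches the legacy browser auditor off, so dropping the header leaves older browsers on their default behaviour; the change should state which outcome is intended. Either way, a comment such as `// X-XSS-Protection only controls the deprecated browser XSS auditor; rely on CSP instead` would help, together with a check that a Content-Security-Policy is actually configured. The enclosing method of `class Web` starts and ends outside the hunk.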