From d245226053b3db5ba820a9fc115aa6a9a4123409 Mon Sep 17 00:00:00 2001
From: Neill Wolf <neillawolf@gmail.com>
Date: Fri, 16 Dec 2022 15:37:19 -0600
Subject: [PATCH] set X-XSS-Protection headers to 0 in lighttpd.conf

Signed-off-by: Neill Wolf <neillawolf@gmail.com>
---
 advanced/lighttpd.conf.debian | 2 +-
 advanced/lighttpd.conf.fedora | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian
index 21e48d6c..74761303 100644
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@@ -90,7 +90,7 @@ $HTTP["url"] =~ "^/admin/" {
     setenv.add-response-header = (
         "X-Pi-hole" => "The Pi-hole Web interface is working!",
         "X-Frame-Options" => "DENY",
-        "X-XSS-Protection" => "1; mode=block",
+        "X-XSS-Protection" => "0",
         "X-Content-Type-Options" => "nosniff",
         "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
         "X-Permitted-Cross-Domain-Policies" => "none",
diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora
index 3da62839..7a6a39c5 100644
--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@@ -98,7 +98,7 @@ $HTTP["url"] =~ "^/admin/" {
     setenv.add-response-header = (
         "X-Pi-hole" => "The Pi-hole Web interface is working!",
         "X-Frame-Options" => "DENY",
-        "X-XSS-Protection" => "1; mode=block",
+        "X-XSS-Protection" => "0",
         "X-Content-Type-Options" => "nosniff",
         "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
         "X-Permitted-Cross-Domain-Policies" => "none",