* Scott Helme has stopped requiring it on SecurityHeaders.com -
https://scotthelme.co.uk/security-headers-updates/
* Chrome is removing their XSS Auditor -
https://bugs.chromium.org/p/chromium/issues/detail?id=968591
* Edge already removed their XSS auditor
* This is all because the protection is minimal and the false positives
tend to be damaging - https://frederik-braun.com/xssauditor-bad.html
As suggested by Ran on #30426, rather than enforce the setting
`SECURE_BROWSER_XSS_FILTER`, we should actually be looking at removing the
check `security.W007` so users have one less thing to think about for a
modern security posture.
--
Ticket URL: <https://code.djangoproject.com/ticket/30680>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
* component: Core (Other) => Core (System checks)
* version: 2.2 => master
* type: Uncategorized => Cleanup/optimization
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/30680#comment:1>
* easy: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/30680#comment:2>
* owner: nobody => Adnan Umer
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/30680#comment:3>
* has_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/30680#comment:4>
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"c5075360c50b6e681fb3e7d58e6e93ae96662f49" c5075360]:
{{{
#!CommitTicketReference repository=""
revision="c5075360c50b6e681fb3e7d58e6e93ae96662f49"
Fixed #30680 -- Removed obsolete system check for
SECURE_BROWSER_XSS_FILTER setting.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/30680#comment:5>