Remove unused setting SECURE_BROWSER_XSS_FILTER

From docs: Most modern browsers don't honor the ``X-XSS-Protection`` HTTP header. You can use Content-Security-Policy without allowing ``'unsafe-inline'`` scripts instead.
craigcook · Apr 5, 2024 · 57904eb · 57904eb
1 parent ba86fb7
commit 57904eb
Showing 1 changed file with 0 additions and 1 deletion.
diff --git a/bedrock/settings/base.py b/bedrock/settings/base.py
@@ -648,7 +648,6 @@ def get_app_name(hostname):
 SECURE_REFERRER_POLICY = config("SECURE_REFERRER_POLICY", default="strict-origin-when-cross-origin")
 SECURE_HSTS_SECONDS = config("SECURE_HSTS_SECONDS", default="0", parser=int)
 SECURE_HSTS_INCLUDE_SUBDOMAINS = False
-SECURE_BROWSER_XSS_FILTER = config("SECURE_BROWSER_XSS_FILTER", default="true", parser=bool)
 SECURE_CONTENT_TYPE_NOSNIFF = config("SECURE_CONTENT_TYPE_NOSNIFF", default="true", parser=bool)
 SECURE_SSL_REDIRECT = config("SECURE_SSL_REDIRECT", default=str(not DISABLE_SSL), parser=bool)
 SECURE_REDIRECT_EXEMPT = [