Merge pull request #31629 from nextcloud/feat/remove-ie-headers

author: Pytal <24800714+Pytal@users.noreply.github.com> 2022-03-21 18:09:50 -0700
committer: GitHub <noreply@github.com> 2022-03-21 18:09:50 -0700
commit: 5747b9b01a5bf34699ccb3a5f80698a22437eece (patch)
tree: e82dbedf76cc36294a0be34138e19ad2a1ecffca /core
parent: b314a13e1c4a673c8c68e964e4b60ef09bd0aff6 (diff)
parent: ea0e45d81e6963dab8c89981538f9d5fe2d51472 (diff)
download: nextcloud-server-5747b9b01a5bf34699ccb3a5f80698a22437eece.tar.gz
nextcloud-server-5747b9b01a5bf34699ccb3a5f80698a22437eece.zip
6 files changed, 0 insertions, 31 deletions
diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js
index 266f35a9552..7e97f1e832d 100644
--- a/core/js/setupchecks.js
+++ b/core/js/setupchecks.js
@@ -658,7 +658,6 @@
 					'X-Content-Type-Options': ['nosniff'],
 					'X-Robots-Tag': ['none'],
 					'X-Frame-Options': ['SAMEORIGIN', 'DENY'],
-					'X-Download-Options': ['noopen'],
 					'X-Permitted-Cross-Domain-Policies': ['none'],
 				};
 				for (var header in securityHeaders) {
diff --git a/core/js/tests/specs/setupchecksSpec.js b/core/js/tests/specs/setupchecksSpec.js
index 5914a6f2449..8fd4681d4d1 100644
--- a/core/js/tests/specs/setupchecksSpec.js
+++ b/core/js/tests/specs/setupchecksSpec.js
@@ -1492,14 +1492,10 @@ describe('OC.SetupChecks tests', function() {
 				}, {
 					msg: 'The "X-Robots-Tag" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.',
 					type: OC.SetupChecks.MESSAGE_TYPE_WARNING
-
 				}, {
 					msg: 'The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.',
 					type: OC.SetupChecks.MESSAGE_TYPE_WARNING
 				}, {
-					msg: 'The "X-Download-Options" HTTP header is not set to "noopen". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.',
-					type: OC.SetupChecks.MESSAGE_TYPE_WARNING
-				}, {
 					msg: 'The "X-Permitted-Cross-Domain-Policies" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.',
 					type: OC.SetupChecks.MESSAGE_TYPE_WARNING
 				}, {
@@ -1524,7 +1520,6 @@ describe('OC.SetupChecks tests', function() {
 					'X-Robots-Tag': 'none',
 					'X-Frame-Options': 'SAMEORIGIN',
 					'Strict-Transport-Security': 'max-age=15768000;preload',
-					'X-Download-Options': 'noopen',
 					'X-Permitted-Cross-Domain-Policies': 'none',
 					'Referrer-Policy': 'no-referrer',
 				}
@@ -1556,7 +1551,6 @@ describe('OC.SetupChecks tests', function() {
 					'X-Robots-Tag': 'none',
 					'X-Frame-Options': 'SAMEORIGIN',
 					'Strict-Transport-Security': 'max-age=15768000',
-					'X-Download-Options': 'noopen',
 					'X-Permitted-Cross-Domain-Policies': 'none',
 					'Referrer-Policy': 'no-referrer'
 				}
@@ -1579,7 +1573,6 @@ describe('OC.SetupChecks tests', function() {
 					'X-Content-Type-Options': 'nosniff',
 					'X-Robots-Tag': 'none',
 					'X-Frame-Options': 'SAMEORIGIN',
-					'X-Download-Options': 'noopen',
 					'X-Permitted-Cross-Domain-Policies': 'none',
 					'Referrer-Policy': 'no-referrer',
 				});
@@ -1600,7 +1593,6 @@ describe('OC.SetupChecks tests', function() {
 					'X-Content-Type-Options': 'nosniff',
 					'X-Robots-Tag': 'none',
 					'X-Frame-Options': 'SAMEORIGIN',
-					'X-Download-Options': 'noopen',
 					'X-Permitted-Cross-Domain-Policies': 'none',
 					'Referrer-Policy': 'no-referrer',
 				});
@@ -1621,7 +1613,6 @@ describe('OC.SetupChecks tests', function() {
 					'X-Content-Type-Options': 'nosniff',
 					'X-Robots-Tag': 'none',
 					'X-Frame-Options': 'SAMEORIGIN',
-					'X-Download-Options': 'noopen',
 					'X-Permitted-Cross-Domain-Policies': 'none',
 					'Referrer-Policy': 'no-referrer',
 				});
@@ -1647,7 +1638,6 @@ describe('OC.SetupChecks tests', function() {
 					'X-Content-Type-Options': 'nosniff',
 					'X-Robots-Tag': 'none',
 					'X-Frame-Options': 'SAMEORIGIN',
-					'X-Download-Options': 'noopen',
 					'X-Permitted-Cross-Domain-Policies': 'none',
 					'Referrer-Policy': 'no-referrer',
 				});
@@ -1675,7 +1665,6 @@ describe('OC.SetupChecks tests', function() {
 					'X-Content-Type-Options': 'nosniff',
 					'X-Robots-Tag': 'none',
 					'X-Frame-Options': 'SAMEORIGIN',
-					'X-Download-Options': 'noopen',
 					'X-Permitted-Cross-Domain-Policies': 'none',
 					'Referrer-Policy': 'no-referrer',
 				});
@@ -1696,7 +1685,6 @@ describe('OC.SetupChecks tests', function() {
 					'X-Content-Type-Options': 'nosniff',
 					'X-Robots-Tag': 'none',
 					'X-Frame-Options': 'SAMEORIGIN',
-					'X-Download-Options': 'noopen',
 					'X-Permitted-Cross-Domain-Policies': 'none',
 					'Referrer-Policy': 'no-referrer-when-downgrade',
 				});
@@ -1717,7 +1705,6 @@ describe('OC.SetupChecks tests', function() {
 					'X-Content-Type-Options': 'nosniff',
 					'X-Robots-Tag': 'none',
 					'X-Frame-Options': 'SAMEORIGIN',
-					'X-Download-Options': 'noopen',
 					'X-Permitted-Cross-Domain-Policies': 'none',
 					'Referrer-Policy': 'strict-origin',
 				});
@@ -1738,7 +1725,6 @@ describe('OC.SetupChecks tests', function() {
 					'X-Content-Type-Options': 'nosniff',
 					'X-Robots-Tag': 'none',
 					'X-Frame-Options': 'SAMEORIGIN',
-					'X-Download-Options': 'noopen',
 					'X-Permitted-Cross-Domain-Policies': 'none',
 					'Referrer-Policy': 'strict-origin-when-cross-origin',
 				});
@@ -1759,7 +1745,6 @@ describe('OC.SetupChecks tests', function() {
 					'X-Content-Type-Options': 'nosniff',
 					'X-Robots-Tag': 'none',
 					'X-Frame-Options': 'SAMEORIGIN',
-					'X-Download-Options': 'noopen',
 					'X-Permitted-Cross-Domain-Policies': 'none',
 					'Referrer-Policy': 'same-origin',
 				});
@@ -1780,7 +1765,6 @@ describe('OC.SetupChecks tests', function() {
 					'X-Content-Type-Options': 'nosniff',
 					'X-Robots-Tag': 'none',
 					'X-Frame-Options': 'SAMEORIGIN',
-					'X-Download-Options': 'noopen',
 					'X-Permitted-Cross-Domain-Policies': 'none',
 					'Referrer-Policy': 'origin',
 				});
@@ -1806,7 +1790,6 @@ describe('OC.SetupChecks tests', function() {
 					'X-Content-Type-Options': 'nosniff',
 					'X-Robots-Tag': 'none',
 					'X-Frame-Options': 'SAMEORIGIN',
-					'X-Download-Options': 'noopen',
 					'X-Permitted-Cross-Domain-Policies': 'none',
 					'Referrer-Policy': 'origin-when-cross-origin',
 				});
@@ -1832,7 +1815,6 @@ describe('OC.SetupChecks tests', function() {
 					'X-Content-Type-Options': 'nosniff',
 					'X-Robots-Tag': 'none',
 					'X-Frame-Options': 'SAMEORIGIN',
-					'X-Download-Options': 'noopen',
 					'X-Permitted-Cross-Domain-Policies': 'none',
 					'Referrer-Policy': 'unsafe-url',
 				});
@@ -1860,7 +1842,6 @@ describe('OC.SetupChecks tests', function() {
 				'X-Content-Type-Options': 'nosniff',
 				'X-Robots-Tag': 'none',
 				'X-Frame-Options': 'SAMEORIGIN',
-				'X-Download-Options': 'noopen',
 				'X-Permitted-Cross-Domain-Policies': 'none',
 				'Referrer-Policy': 'no-referrer',
 			}
@@ -1907,7 +1888,6 @@ describe('OC.SetupChecks tests', function() {
 				'X-Content-Type-Options': 'nosniff',
 				'X-Robots-Tag': 'none',
 				'X-Frame-Options': 'SAMEORIGIN',
-				'X-Download-Options': 'noopen',
 				'X-Permitted-Cross-Domain-Policies': 'none',
 				'Referrer-Policy': 'no-referrer',
 			}
@@ -1933,7 +1913,6 @@ describe('OC.SetupChecks tests', function() {
 				'X-Content-Type-Options': 'nosniff',
 				'X-Robots-Tag': 'none',
 				'X-Frame-Options': 'SAMEORIGIN',
-				'X-Download-Options': 'noopen',
 				'X-Permitted-Cross-Domain-Policies': 'none',
 				'Referrer-Policy': 'no-referrer',
 			}
@@ -1959,7 +1938,6 @@ describe('OC.SetupChecks tests', function() {
 				'X-Content-Type-Options': 'nosniff',
 				'X-Robots-Tag': 'none',
 				'X-Frame-Options': 'SAMEORIGIN',
-				'X-Download-Options': 'noopen',
 				'X-Permitted-Cross-Domain-Policies': 'none',
 				'Referrer-Policy': 'no-referrer',
 			}
@@ -1984,7 +1962,6 @@ describe('OC.SetupChecks tests', function() {
 			'X-Content-Type-Options': 'nosniff',
 			'X-Robots-Tag': 'none',
 			'X-Frame-Options': 'SAMEORIGIN',
-			'X-Download-Options': 'noopen',
 			'X-Permitted-Cross-Domain-Policies': 'none',
 			'Referrer-Policy': 'no-referrer',
 		});
@@ -2005,7 +1982,6 @@ describe('OC.SetupChecks tests', function() {
 			'X-Content-Type-Options': 'nosniff',
 			'X-Robots-Tag': 'none',
 			'X-Frame-Options': 'SAMEORIGIN',
-			'X-Download-Options': 'noopen',
 			'X-Permitted-Cross-Domain-Policies': 'none',
 			'Referrer-Policy': 'no-referrer',
 		});
@@ -2026,7 +2002,6 @@ describe('OC.SetupChecks tests', function() {
 			'X-Content-Type-Options': 'nosniff',
 			'X-Robots-Tag': 'none',
 			'X-Frame-Options': 'SAMEORIGIN',
-			'X-Download-Options': 'noopen',
 			'X-Permitted-Cross-Domain-Policies': 'none',
 			'Referrer-Policy': 'no-referrer',
 		});
@@ -2047,7 +2022,6 @@ describe('OC.SetupChecks tests', function() {
 			'X-Content-Type-Options': 'nosniff',
 			'X-Robots-Tag': 'none',
 			'X-Frame-Options': 'SAMEORIGIN',
-			'X-Download-Options': 'noopen',
 			'X-Permitted-Cross-Domain-Policies': 'none',
 			'Referrer-Policy': 'no-referrer',
 		});
diff --git a/core/templates/layout.base.php b/core/templates/layout.base.php
index 6e0c1c16f28..0eb80098889 100644
--- a/core/templates/layout.base.php
+++ b/core/templates/layout.base.php
@@ -5,7 +5,6 @@
 		<title>
 		<?php p($theme->getTitle()); ?>
 		</title>
-		<meta http-equiv="X-UA-Compatible" content="IE=edge">
 		<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0">
 		<meta name="theme-color" content="<?php p($theme->getColorPrimary()); ?>">
 		<link rel="icon" href="<?php print_unescaped(image_path('', 'favicon.ico')); /* IE11+ supports png */ ?>">
diff --git a/core/templates/layout.guest.php b/core/templates/layout.guest.php
index e74f2d8ebbf..b97181d9457 100644
--- a/core/templates/layout.guest.php
+++ b/core/templates/layout.guest.php
@@ -9,7 +9,6 @@
 		<title>
 		<?php p($theme->getTitle()); ?>
 		</title>
-		<meta http-equiv="X-UA-Compatible" content="IE=edge">
 		<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0">
 		<?php if ($theme->getiTunesAppId() !== '') { ?>
 		<meta name="apple-itunes-app" content="app-id=<?php p($theme->getiTunesAppId()); ?>">
diff --git a/core/templates/layout.public.php b/core/templates/layout.public.php
index 3f406569f6a..17752de10cd 100644
--- a/core/templates/layout.public.php
+++ b/core/templates/layout.public.php
@@ -8,7 +8,6 @@
 		p($theme->getTitle());
 		?>
 	</title>
-	<meta http-equiv="X-UA-Compatible" content="IE=edge">
 	<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0">
 	<?php if ($theme->getiTunesAppId() !== '') { ?>
 	<meta name="apple-itunes-app" content="app-id=<?php p($theme->getiTunesAppId()); ?>">
diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php
index 55112c564a6..aa6ff416ba1 100644
--- a/core/templates/layout.user.php
+++ b/core/templates/layout.user.php
@@ -22,7 +22,6 @@ $getUserAvatar = static function (int $size) use ($_): string {
 				p($theme->getTitle());
 			?>
 		</title>
-		<meta http-equiv="X-UA-Compatible" content="IE=edge">
 		<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0">
 		<?php if ($theme->getiTunesAppId() !== '') { ?>
 		<meta name="apple-itunes-app" content="app-id=<?php p($theme->getiTunesAppId()); ?>">
author	Pytal <24800714+Pytal@users.noreply.github.com>	2022-03-21 18:09:50 -0700
committer	GitHub <noreply@github.com>	2022-03-21 18:09:50 -0700
commit	5747b9b01a5bf34699ccb3a5f80698a22437eece (patch)
tree	e82dbedf76cc36294a0be34138e19ad2a1ecffca /core
parent	b314a13e1c4a673c8c68e964e4b60ef09bd0aff6 (diff)
parent	ea0e45d81e6963dab8c89981538f9d5fe2d51472 (diff)
download	nextcloud-server-5747b9b01a5bf34699ccb3a5f80698a22437eece.tar.gz nextcloud-server-5747b9b01a5bf34699ccb3a5f80698a22437eece.zip