Disable the X-XSS-Protection header in defaults

[terop]

Disable the XSS Auditor in older browsers by default. The X-XSS-Protection header has been deprecated by modern browsers due to security issues it introduces on the client.

See: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#x-xss-protection-header

Fixes #35.

[atomist[bot]]

Commit messages of this repository should follow the seven rules of a great Git commit message, as mentioned in the project's contributing guidelines. It looks like there's a few issues with the commit messages in this pull request:

• The commit message body has a line over 72 characters.

[terop]

I resurrected the change from PR #36 with the requested commit message change. Because I cannot updated the existing the PR I created a new one instead.

[weavejester]

Thanks for the update. However, now that I take another look at the code of this PR, there are parts that confuse me. If the X-XSS-Protection header is deprecated, why is it still set to be added to the response? In addition, the link in the commit is now broken.

Let's instead just remove the option from site-defaults, and add a deprecation notice to the README. Let's reference this URL for the reason for the change in the commit message: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

[atomist[bot]]

Commit messages of this repository should follow the seven rules of a great Git commit message, as mentioned in the project's contributing guidelines. It looks like there's a few issues with the commit messages in this pull request:

• The commit message body has a line over 72 characters.

[terop]

I tried to do the changes you suggested but I am not sure if they are correct and sufficient.

[weavejester]

The changes look good, and were exactly what I was thinking of. I'm not sure what the original PR's change to lines 80-82 was about. What happens if we revert those alterations?

[atomist[bot]]

Commit messages of this repository should follow the seven rules of a great Git commit message, as mentioned in the project's contributing guidelines. It looks like there's a few issues with the commit messages in this pull request:

• The commit message body has a line over 72 characters.

[terop]

Code changed as suggested, unit tests pass at least.

[terop]

@weavejester could you kindly check the latest changes?

[atomist[bot]]

Commit messages of this repository should follow the seven rules of a great Git commit message, as mentioned in the project's contributing guidelines. It looks like there's a few issues with the commit messages in this pull request:

• The commit message body has a line over 72 characters.

[terop]

@weavejester could you again kindly take a look at the latest changes?

[atomist[bot]]

Commit messages of this repository should follow the seven rules of a great Git commit message, as mentioned in the project's contributing guidelines. It looks like there's a few issues with the commit messages in this pull request:

• The commit message body has a line over 72 characters.

[weavejester]

Perfect! Thank you.

[terop]

@weavejester would it be possible to soon have a new release of ring-defaults with this change?

[weavejester]

Done. Apologies for the delay.

[terop]

No problem, many thanks for the release.