From 0622db8552b98b61140ec81de8f56f9403e47232 Mon Sep 17 00:00:00 2001
From: Rodrigo Nascimento
Date: Thu, 3 Oct 2019 14:19:31 -0300
Subject: [PATCH] Reply HTTP requests with `X-XSS-Protection: 1` header
---
 app/cors/server/cors.js | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/app/cors/server/cors.js b/app/cors/server/cors.js
index 7c4284535363..84c5b3fb96c0 100644
--- a/app/cors/server/cors.js
+++ b/app/cors/server/cors.js
@@ -50,6 +50,9 @@ settings.get('Support_Cordova_App', (key, value) => {
 });
 WebApp.rawConnectHandlers.use(function(req, res, next) {
+ // XSS Protection for old browsers (IE)
+ res.setHeader('X-XSS-Protection', '1');
+
 if (Support_Cordova_App !== true) {
 return next();
 }
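Review bot: The value `'1'` on the added `res.setHeader('X-XSS-Protection', '1');` line switches the legacy browser filter on in its sanitising mode, where the browser rewrites the part of the page it believes was reflected instead of refusing to render it. That rewriting has itself been a source of bugs in old filters, so if the header is kept, `res.setHeader('X-XSS-Protection', '1; mode=block');` is the safer value. The comment should also say that this is best effort for legacy browsers only, for example `// Legacy XSS filter (IE); best effort only, not a substitute for CSP and output encoding`. The header is set before the `Support_Cordova_App` check, so it applies to every response passing through this handler, which looks intended. The handler body continues outside the hunk.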