From f68fd03521b622e8a7644c38d89f81ab8e82488e Mon Sep 17 00:00:00 2001
From: Chang-Ning Tsai <changnit@amazon.com>
Date: Tue, 19 Dec 2023 09:35:44 -0800
Subject: [PATCH] remove xss protection no modern browser supports this header

Signed-off-by: Chang-Ning Tsai <changnit@amazon.com>
---
 app_test.py      | 1 -
 requirements.txt | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/app_test.py b/app_test.py
index 0b25b3db..02d79b4e 100644
--- a/app_test.py
+++ b/app_test.py
@@ -44,7 +44,6 @@ def check_security_headers(self, resp):
         """Check security headers."""
         headers = resp.headers
         self.assertTrue("Content-Security-Policy" in headers)
-        self.assertTrue("X-XSS-Protection" in headers)
         self.assertTrue("X-Content-Type-Options" in headers)
         self.assertTrue("Content-Security-Policy" in headers)
         self.assertTrue("Feature-Policy" in headers)
diff --git a/requirements.txt b/requirements.txt
index 4379c6ac..98349127 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,7 +5,7 @@ Flask==2.3.3
 Flask-SSLify==0.1.5
 Flask-Testing==0.8.1
 Flask-SeaSurf==1.1.1
-flask-talisman==1.0.0
+flask-talisman==1.1.0
 gunicorn==21.2.0
 pycodestyle==2.11.1
 pydocstyle==6.3.0