disable the key-pins-header until we decide how we want users to input it...

disable the key-pins-header until we decide how we want users to input it because it's causing an issue trying to use a db connection before the db is initialized.

disable the key-pins-header until we decide how we want users to input it...
4efe1517 · Allen Gilliland · cb8ff23f · 4efe1517
Commit 4efe1517 authored 9 years ago by Allen Gilliland
--- a/src/metabase/middleware.clj
+++ b/src/metabase/middleware.clj
@@ -172,13 +172,14 @@
 (defn- api-security-headers [] ; don't need to include all the nonsense we include with index.html
  (merge (cache-prevention-headers)
         strict-transport-security-header
-         (public-key-pins-header)))
+         ;(public-key-pins-header)
+         ))

 (defn- index-page-security-headers []
  (merge (cache-prevention-headers)
         strict-transport-security-header
         content-security-policy-header
-         (public-key-pins-header)
+         ;(public-key-pins-header)
         {"X-Frame-Options"                   "DENY"          ; Tell browsers not to render our site as an iframe (prevent clickjacking)
          "X-XSS-Protection"                  "1; mode=block" ; Tell browser to block suspected XSS attacks
          "X-Permitted-Cross-Domain-Policies" "none"          ; Prevent Flash / PDF files from including content from site.