diff --git a/app/Helpers/Helper.php b/app/Helpers/Helper.php index 33fc21fc9d..7980e22fe1 100644 --- a/app/Helpers/Helper.php +++ b/app/Helpers/Helper.php @@ -123,9 +123,9 @@ class Helper if (is_numeric($cost)) { if (Setting::getSettings()->digit_separator=='1.234,56') { - return (float) number_format($cost, 2, ',', '.'); + return number_format($cost, 2, ',', '.'); } - return (float) number_format($cost, 2, '.', ','); + return number_format($cost, 2, '.', ','); } // It's already been parsed. return $cost; diff --git a/app/Http/Middleware/SecurityHeaders.php b/app/Http/Middleware/SecurityHeaders.php index 8e6c17b4e7..e740c76678 100644 --- a/app/Http/Middleware/SecurityHeaders.php +++ b/app/Http/Middleware/SecurityHeaders.php @@ -26,7 +26,6 @@ class SecurityHeaders $response = $next($request); $response->headers->set('X-Content-Type-Options', 'nosniff'); - $response->headers->set('X-XSS-Protection', '1; mode=block'); // Ugh. Feature-Policy is dumb and clumsy and mostly irrelevant for Snipe-IT, // since we don't provide any way to IFRAME anything in in the first place.