From 9253d894d39e20c22fc513b11b91d0fcbdcecd07 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 18 Aug 2025 13:30:53 +0100 Subject: [PATCH 1/2] Removed XSS-Protection header @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-XSS-Protection#security_considerations Signed-off-by: snipe --- app/Http/Middleware/SecurityHeaders.php | 1 - 1 file changed, 1 deletion(-) diff --git a/app/Http/Middleware/SecurityHeaders.php b/app/Http/Middleware/SecurityHeaders.php index 8e6c17b4e7..e740c76678 100644 --- a/app/Http/Middleware/SecurityHeaders.php +++ b/app/Http/Middleware/SecurityHeaders.php @@ -26,7 +26,6 @@ class SecurityHeaders $response = $next($request); $response->headers->set('X-Content-Type-Options', 'nosniff'); - $response->headers->set('X-XSS-Protection', '1; mode=block'); // Ugh. Feature-Policy is dumb and clumsy and mostly irrelevant for Snipe-IT, // since we don't provide any way to IFRAME anything in in the first place. From 9b4101855f003ca9142a94d26763bfee4ffe1d31 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 18 Aug 2025 15:24:15 +0100 Subject: [PATCH 2/2] Undo double-float Signed-off-by: snipe --- app/Helpers/Helper.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Helpers/Helper.php b/app/Helpers/Helper.php index 33fc21fc9d..7980e22fe1 100644 --- a/app/Helpers/Helper.php +++ b/app/Helpers/Helper.php @@ -123,9 +123,9 @@ class Helper if (is_numeric($cost)) { if (Setting::getSettings()->digit_separator=='1.234,56') { - return (float) number_format($cost, 2, ',', '.'); + return number_format($cost, 2, ',', '.'); } - return (float) number_format($cost, 2, '.', ','); + return number_format($cost, 2, '.', ','); } // It's already been parsed. return $cost;