From f6b3d969a1e5435ec0ac4e4a11df52f165abda61 Mon Sep 17 00:00:00 2001
From: Eduard Heimbuch
Date: Thu, 27 Jul 2023 09:21:03 +0200
Subject: [PATCH] Remove content security header `upgrade-insecure-requests` which breaks http only server configs
---
 .../src/main/java/sonia/scm/filter/SecurityHeadersFilter.java | 1 -
 1 file changed, 1 deletion(-)
diff --git a/scm-webapp/src/main/java/sonia/scm/filter/SecurityHeadersFilter.java b/scm-webapp/src/main/java/sonia/scm/filter/SecurityHeadersFilter.java
index 75d41cc82e..ba348b67f6 100644
--- a/scm-webapp/src/main/java/sonia/scm/filter/SecurityHeadersFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/filter/SecurityHeadersFilter.java
@@ -44,7 +44,6 @@ public class SecurityHeadersFilter extends HttpFilter {
 "form-action 'self'; " +
 "object-src 'none'; " +
 "frame-ancestors 'none'; " +
- "upgrade-insecure-requests; " +
 "block-all-mixed-content"
 );
 response.setHeader("Permissions-Policy",
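Review bot: The Content-Security-Policy string is still built the same way for every request, so dropping the directive outright also removes it for deployments that are served over HTTPS. `block-all-mixed-content` remains in the policy, so on those deployments an `http:` subresource is now blocked rather than upgraded. Consider keeping the directive conditional on the transport, for example appending `"upgrade-insecure-requests; "` only when `request.isSecure()` is true, and add a comment above the policy string explaining why it is not sent on plain HTTP. The enclosing method starts outside the hunk, so the request parameter name is assumed, and behind a TLS-terminating proxy `isSecure()` depends on forwarded-header handling that is not visible here.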