From 0e15b9a69a77014d3a6397b861c7311e78dcc1c1 Mon Sep 17 00:00:00 2001
From: Graham Triggs <grahamtriggs@gmail.com>
Date: Fri, 10 Nov 2017 12:01:23 -0500
Subject: [PATCH] [VIVO-1404] Disable XSS protection on the SPARQL query page

---
 .../vitro/webapp/controller/admin/SparqlQueryController.java     | 1 +
 1 file changed, 1 insertion(+)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/SparqlQueryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/SparqlQueryController.java
index df1fb7440..6166d1cf9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/SparqlQueryController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/SparqlQueryController.java
@@ -96,6 +96,7 @@ public class SparqlQueryController extends FreemarkerHttpServlet {
 				SimplePermission.USE_SPARQL_QUERY_PAGE.ACTION)) {
 			return;
 		}
+		resp.addHeader("X-XSS-Protection", "0");
 		if (req.getParameterMap().containsKey("query")) {
 			respondToQuery(req, resp);
 		} else {