remove secure headers.

Pipfile

@@ -17,7 +17,6 @@ shortuuid = "*"
 quart = "*"
 quart-cors = "*"
 quart-compress = "*"
-secure = "*"
 typing-extensions = "*"
 httpx = "*"
 quart-trio = "*"

lnbits/app.py

@@ -7,7 +7,6 @@ from quart import g
 from quart_trio import QuartTrio
 from quart_cors import cors  # type: ignore
 from quart_compress import Compress  # type: ignore
-from secure import SecureHeaders  # type: ignore
 
 from .commands import db_migrate, handle_assets
 from .core import core_app
@@ -27,8 +26,6 @@ from .tasks import (
 )
 from .settings import WALLET
 
-secure_headers = SecureHeaders(hsts=False, xfo=False)
-
 
 def create_app(config_object="lnbits.settings") -> QuartTrio:
     """Create application factory.
@@ -46,7 +43,6 @@ def create_app(config_object="lnbits.settings") -> QuartTrio:
     register_blueprints(app)
     register_filters(app)
     register_commands(app)
-    register_request_hooks(app)
     register_async_tasks(app)
     register_exception_handlers(app)
 
@@ -112,15 +108,6 @@ def register_filters(app: QuartTrio):
     app.jinja_env.globals["EXTENSIONS"] = get_valid_extensions()
 
 
-def register_request_hooks(app: QuartTrio):
-    """Open the core db for each request so everything happens in a big transaction"""
-
-    @app.after_request
-    async def set_secure_headers(response):
-        secure_headers.quart(response)
-        return response
-
-
 def register_async_tasks(app):
     @app.route("/wallet/webhook", methods=["GET", "POST", "PUT", "PATCH", "DELETE"])
     async def webhook_listener():

requirements.txt

@@ -37,7 +37,6 @@ quart-cors==0.4.0
 quart-trio==0.7.0
 represent==1.6.0.post0
 rfc3986==1.4.0
-secure==0.2.1
 shortuuid==1.0.1
 six==1.15.0
 sniffio==1.2.0