Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Cannot remove error "The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN"? #36430

Closed
5 of 9 tasks
tchap2 opened this issue Jan 29, 2023 · 1 comment
Closed
5 of 9 tasks

[Bug]: Cannot remove error "The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN"? #36430

tchap2 opened this issue Jan 29, 2023 · 1 comment
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap bug

Comments

@tchap2
Copy link

tchap2 commented Jan 29, 2023

⚠️ This issue respects the following points: ⚠️

  • This is a bug, not a question or a configuration/webserver/proxy issue.
  • This issue is not already reported on Github (I've searched it).
  • Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
  • Nextcloud Server is running on 64bit capable CPU, PHP and OS.
  • I agree to follow Nextcloud's Code of Conduct.

Bug description

Running NC 25.0.3 in docker on UNRAID OS. nginx came embedded in NC with docker installation
In Settings-> overview shows following error:

The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

Can someone explain how to remove this error?

Explanation here and here are both total nonsense.

In both cases, everyone comments, but no one can provide a solution. Not even Nextcloud developers. Worse, NC developers keep saying "update NC and report back if issue persists" - THE ISSUE HAS BEEN PERSISTING FOR AT LEAST 6 MAJOR NC RELEASES - Developers- How much proof do you need?

What is the name of the file that must be edited, where is this file located (full path), and where within the file must "SAMEORIGIN" be added? What is the exact syntax?

I just updated to 25.0.3, and the "The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN" is still there.

Solutions in nextcloud User Guide DO NOT WORK!

Can someone please put an end to this non-sense and explain STEP-BY-STEP exactly WHERE, WHAT needs to be changed? It's ridiculous that after so many years of complaining, this is the ONLY ERROR that cannot be fixed on nextcloud.

Steps to reproduce

See "Bug description"

Expected behavior

See "Bug description"

Installation method

None

Operating system

None

PHP engine version

None

Web server

None

Database engine version

None

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

See "Bug description"

List of activated Apps

See "Bug description"

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

No response
@tchap2 tchap2 added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels Jan 29, 2023
@szaimen szaimen closed this as completed Jan 29, 2023
@szaimen
Copy link
Contributor

szaimen commented Jan 29, 2023

Lets handle this in #24129

@nextcloud nextcloud locked as too heated and limited conversation to collaborators Jan 29, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@szaimen @tchap2