-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nextcloud 12 - Issues with Integrity Check and "X-Frame-Options"..."SAMEORIGIN" #4605
Comments
The Maybe @josh4trunks knows why there is same origin listed twice in the headers for Nginx. |
@MorrisJobke Maybe it is being set twice because of The documentation already has |
Please try removing |
Can you please post your configs in code blocks instead of PDFs? That is interesting, even with you SAMEORIGIN lines commented out, the header shows up. |
The documentation of what? Nextcloud? fastcgi_params (default - no cahnges applied):
|
yes i meant the nedtcloud documentation. ok to clarify. you have an nginx instance running the gateway_conf configuration, then for the testcloud, nginx on another machine? |
im not sure hoe this double header is being generated. possibly a bug in nextcloud 12? Im a bit lost in your setup but i do not think that could cause the double header. |
ohh, i see where the ssl conf is included. disregard my previous question on that. |
Server A (nc.c-rieger.de):
points to
i will re-install Nextcloud 12 in a root-folder instead of a subfolder and will doublecheck. Will be back with the testresults ... but i have to accompany my twins to their riding first. |
sounds good, I'm suspecting a bug here |
I re-installed NC12 from scratch in the web-root (https://192.168.2.17/login) and took the configuration from Nextclouds-Documentation. Unfortunately, i still ran in the same issues: So this must be related to NC12 and NGINX. |
The So the |
OK, if removed from NGINX it works fine. |
Apps that are in shipped.json follow some more requirements such as having a valid code integrity check. This is not something that we require when they come from the appstore as there we verify the download integrity via the signature. Also the updater treats apps that are shipped differently. We should however handle the apps like any other app from the appstore. Fixes #4605 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Apps that are in shipped.json follow some more requirements such as having a valid code integrity check. This is not something that we require when they come from the appstore as there we verify the download integrity via the signature. Also the updater treats apps that are shipped differently. We should however handle the apps like any other app from the appstore. Fixes #4605 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Potential patch at #4626 |
See nextcloud/documentation#434 for the documentation update as well as the release notes |
New dailies are at https://download.nextcloud.com/server/daily/latest-master.tar.bz2 |
@LukasReschke Thank you! |
Hi Nextclouders,
I just installed Nextcloud 12 alpha (Nextcloud 12.0 alpha Build:2017-04-28T22:01:10+00:00 d4e5b1b), based on an ODroid C2, NGINX 1.13, Ubuntu 16.04.02 LTS x64,, PHP 7.1.4, mariadb 10.0.29 and ran into two issues:
NGINX is configured properly using "proxy_set_header X-Frame-Options "SAMEORIGIN; always;";"
![grafik](https://cloud.githubusercontent.com/assets/20593693/25558600/5cc92f74-2d2a-11e7-9a47-35820a0d31b3.png)
This is a clone of my productiv Nextcloud 11.0.3 environment which is running without the issues above.
Cheers, Carsten
The text was updated successfully, but these errors were encountered: