OC env headers problem #29125
Comments
Your output is currently showing the issue. The server is sending invalid headers:
Any ideas where this could be loaded from? I have the same problem and I didn't find anything under ssl.conf in apache mods dir, all header entries are disabled there, vhost is clean, it doesn't even have HSTS header - only entries in .htaccess are active.
@mislav-eu ownCloud is sending/defining some sane headers by default so this won't show up on a standard setup (there are thousands of 10.0.x installations out there) https://github.com/owncloud/core/blob/v10.0.3/.htaccess#L16-L25 https://github.com/owncloud/core/blob/v10.0.3/lib/private/legacy/response.php#L259-L267 Everything else (like the duplicated nosniff or the DENY, SAMEORIGIN) is probably something where your webserver config is messing around with the headers. If you're on Apache you will find some options how to get support for such issues here: https://httpd.apache.org/support.html Similar exists for nginx:
FWIW another issue could be duplicated headers sent by your webserver (e.g. two times a sent
I'll check if there are any double entries there, everything else is basically default installation followed by cmd lines from admin docs. Thank you.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
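One way to confirm the duplicated or conflicting headers the comments above point to (an added example, not code from ownCloud or from anyone in this thread): it parses a raw response header block, such as saved `curl -sI` output, and reports each header whose combined value no longer equals what the two warnings expect. The sample response is constructed, and the function names are hypothetical; repeated headers are joined with ", " as in standard HTTP field combination.

```python
from collections import defaultdict

# Expected values, taken from the two warnings quoted in this issue.
EXPECTED = {
    "x-content-type-options": "nosniff",
    "x-frame-options": "SAMEORIGIN",
}

def parse_header_block(raw):
    """Group header values by lower-cased name, keeping every occurrence."""
    seen = defaultdict(list)
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            seen[name.strip().lower()].append(value.strip())
    return seen

def audit(raw):
    """Return {header: finding} for each expected header that is not exactly right."""
    seen = parse_header_block(raw)
    findings = {}
    for name, want in EXPECTED.items():
        values = seen.get(name, [])
        combined = ", ".join(values)       # repeated fields read as one comma-joined value
        if not values:
            findings[name] = "missing"
        elif combined.lower() == want.lower():
            continue                       # sent once, with the expected value
        elif len(values) > 1 and len({v.lower() for v in values}) == 1:
            findings[name] = f"duplicated ({len(values)}x): {combined!r}"
        elif len(values) > 1 or "," in combined:
            findings[name] = f"conflicting: {combined!r}"
        else:
            findings[name] = f"unexpected value: {combined!r}"
    return findings

# Constructed sample: one header sent twice, one sent with two different values.
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN

"""

if __name__ == "__main__":
    for header, finding in audit(SAMPLE).items():
        print(f"{header}: {finding}")
```

A "duplicated" or "conflicting" finding means more than one layer is setting the header; an empty result means each header is sent once with the expected value.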
Steps to reproduce
The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.
The "X-Frame-Options" HTTP header is not configured to equal to "SAMEORIGIN". This is a potential security or privacy risk and we recommend adjusting this setting.
Expected behaviour
Tell us what should happen - these messages shouldn't be displayed as all required steps to prevent this/enable this are done.
Actual behaviour
Tell us what happens instead - error messages are shown instead
Server configuration
Operating system: ubuntu 16.04.
Web server: apache
Database: mysql
PHP version: php 7.0
ownCloud version: (see ownCloud admin page) - 10.0.3.
Updated from an older ownCloud or fresh install: fresh install
Where did you install ownCloud from: - from packages, apt-get install
Signing status (ownCloud 9.0 and above):
No errors have been found.
The content of config/config.php:
List of activated apps:
Enabled:
Disabled:
Are you using external storage, if yes which one: local/smb/sftp/... - no
Are you using encryption: - no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/... - no
Client configuration
Browser: - latest firefox browser
Operating system: windows 10
Logs
Web server error log
No errors related to headers are shown in logs.
ownCloud log (data/owncloud.log)
No errors related to headers are shown in logs.
Browser log