-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HSTS header app not working #7
Comments
Which server do you use? In case you are using apache, is the headers module available? |
Plesk shared server with Nginx MariaDB |
I have the same problem on my nextcloud (https://cloninger.cloud). App is installed and enabled in NC, but does not show in headers. Running Apache 2.4.43. Do not have mod_headers as /etc/ is not writable by me. (virtual Linux host). Can't sudo, cannot restart Apache. Thanks |
Weird. It would be nice if you could add some debug code to the app, so that we can get the reason for this malfunction. Just add the following to the end of \OC::$server->getLogger()->debug(isModHeadersAvailable() ? 'Mod Headers is available' : 'Mod Headers is NOT available');
\OC::$server->getLogger()->debug(isHTTPS() ? 'Served via httpS' : 'Served via http'); |
If it is a server side config then session var session.use_strict_mode is set to 0 on my servers |
@sualko I made the change as shown in appinfo/app.php at the bottom. Logging was already on. There is no log message appearing. What would trigger the message? I loaded in a private instance and nothing showed in the logs. Is it possible the app isn't loading at all? I'm assuming this goes into the log at nextclouddata/nextcloud.log? I'm running 19.0.1 (Stable channel). PHP 7.4.8. I don't really have a lot of apps installed. At the moment, it's just a Proof of Concept for myself. |
Just added these lines to .htaccess
Case closed for me, no need for module. |
@SarahDela I can confirm that also works for me. Thank you! @sualko It appears that my .htaccess also has this bit, so that may be why it wasn't working.
|
ModHeaders is always the preferred method, therefore this app will not add any header if the module is available. If you can add it via htaccess, everything is fine. |
Hello @sualko I have in my
I disable: |
|
Hi @sualko I have option in Dietpi OS to enable HSTS without eny other operations. I forget about it. Sorry. |
My nextcloud web site is https://d-cloud.ch
I’m trying to get your HSTS header app to work with Nextcloud, but keep on getting this error:
Also added these lines to config.php
I still get no-HSTS header
here: https://securityheaders.com/
And here https://hstspreload.org/
Any help would be welcome
Kind regards
The text was updated successfully, but these errors were encountered: