The "SAMEORIGIN" warning does not go away! #11507
Comments
|
As this seems to be a setup issue I would like to ask you to raise your question in the forums: https://help.nextcloud.com If you wish support with setup issues from Nextcloud GmbH we offer this as part of the Nextcloud subscription. Learn more about this at https://nextcloud.com/enterprise/ |
|
GitMate.io thinks possibly related issues are #5975 (Preview of theming does not work anymore), #11085 (Relation does not exist), #6350 (does not allow me to create users), #4764 (duplicate X-Frame-Options: SAMEORIGIN in header, triggers no NO SAMEORIGIN Warning in admin panel), and #9199 (Search does not take effect). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps to reproduce
Hi, after the update to nextcloud the following configuration message appeared:
The "X-Frame-Options" HTTP header is not configured as "SAMEORIGIN". This is a potential security or privacy risk, and we recommend changing this setting.
To solve the security bug I added the following string in the .htaccess file:
Header always append X-Frame-Options SAMEORIGIN
But the warning continues to show up.
What is this problem due to? thank you so much
PHP version: 7.2.8
Nextcloud version: 14.0.1
The text was updated successfully, but these errors were encountered: