X-Frame-Options error - Githubissues

hoellen / dockerfiles

Dockerfiles

https://hub.docker.com/u/hoellen

Creative Commons Zero v1.0 Universal

36 stars 17 forks source link

X-Frame-Options error #31

Closed mhbates closed 4 years ago

mhbates commented 4 years ago

Strangely, I'm now getting an error about X-Frame-Options after the addition of that setting to the image. I updated my container this morning.

The error is:

The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

hoellen commented 4 years ago

Since Nextcloud 17, the X-Frame-Options header isn't set by Nextcloud anymore. So it is now set by nginx (in the config file). But for Nextcloud 15 and 16 it is now set twice, which is not permitted.

So we need to remove the header for the old versions. I'll try to fix it by the end of the week.

mhbates commented 4 years ago

Great, thanks for the quick response.

hoellen commented 4 years ago

It should be fixed now. Please verify if it solves the problem.

mhbates commented 4 years ago

That fixed it, thanks again.