Nextcloud security error: HTTP header is not configured to equal to "SAMEORIGIN"

Hey all,

My install of Nextcloud 12 comes up with the following security warning:

The “X-Frame-Options” HTTP header is not configured to equal to “SAMEORIGIN”. This is a potential security or privacy risk and we recommend adjusting this setting.

I’ve been trying to figure out how to update the headers, but am running into very complicated-seeming advice that hasn’t worked for me so far.

Any ideas on how to go about fixing this?

Hi Zinkie,

It has been a game since NC 11… Nobody has found the perfect solution yet. The following PR deactivates all CSP protection, which is not a good answer, but at least it works…

How did you install NC 12? Does it also work for you?

That seems to just be replacing one security issue with another security issue. :-/ Thanks for the reply and info though!