after several years of hosting nextcloupi on a local raspi, i am switching to yunohost (so I’m a newbie to yunohost) on vps and must say: so far I’m very impressed, great software, thanks for the great work !!!
__Host-Prefix
The __Host prefix mitigates cookie injection vulnerabilities within potential third-party
software sharing the same second level domain. It is an additional hardening on top of 'normal' same-site cookies.
searched here on the forum and did not find a solution (found the following)
I would be very grateful for any hints.
My YunoHost server
Hardware: VPS bought online YunoHost version: 11.2.9.1 (stable). I have access to my server : in every possible way for VPS (YHweb, VPSconsole, ssh) Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no If your request is related to an app, specify its name and version: Nextcloud 28.0.1~ynh2
I’ll not help a lot, but I just did the same test, with the only difference being NextCloud is having it’s own domain (something like nextcloud.myserver.tld )
And in this situation (same YunoHost version, same NextCloud version), I do not have a __Host-Prefix warning.
Hi Mamie,
thanks for answering !
I’m not sure, are you saying, that you have an own domain only for your nextcloud?
nextcloud.extradomainfornextcloud.tld
or do you have an extra subdomain ?
(which is the case with me)
i startetd once more from scratch, to be sure, not to have misconfigured anything. But the result is the same.
I can open wolke.mydomain.de without the path behind, but it redirects directly to wolke/mydomain.de/nextcloud
and the nextcloud security-scan still complains about this.
I installed the app with the webfrontend, can that be the problem, are there maybe different options when istalling vom cli?
yeah, that worked. Thanks!
Actually, when I tried this with my first setup it did not work (or so it seemed) well, obviously I made some mistake.
Anyway: making the input field behind / empty seems to have solved the issue.
Hint to people stumbling on this:
If you create the subdomain first and put ‘/’ in the path in the nextcloud-installation-dialog, it should work directly.