Can't open PDF documents

I’m going to try this again:
I am having the same issue with PDF Viewer not showing the PDF files, however clearing the browser cache didn’t help. I’ve tried in Chrome, Firefox and Opera. I have:
PDF Viewer 1.2.1
Nextcloud 13.0.1.1
Ubuntu Server 16.04,
Apache 2.4.18,
MariaDB 10.0.34,
PHP 7.0,

I have the latest most updated versions of the three browsers. Here is an image of the issue. Having not used PDF Viewer before I’m not sure how it “should” display the PDF file, but what it does is give a blank screen and the bread-crums are dead links. Below, the image I’ve included, I’ve pasted the actual errors that I pulled from Chrome in the Inspector Console, which I’m trying to research. I think it might be a setting in Apache or SSL but, I’m not sure yet. Does anyone have know this or have any insights or advice? Thanks very much.

DevTools failed to parse SourceMap: https://000.000.000.000/core/vendor/purify.min.js.map
/index.php/apps/files/?dir=/TWU-Historical-Data/Local564/Bankers%20Boxes/Finance-July-Dec-2011/July-2011-a&fileid=3935#pdfviewer:1 Refused to display ‘https://000.000.000.000/index.php/apps/files_pdfviewer/?file=%2Fremote.php%2Fwebdav%2FTWU-Historical-Data%2FLocal564%2FBankers%20Boxes%2FFinance-July-Dec-2011%2FJuly-2011-a%2FL564-BankStatements-Chase1679-July2011.PDF’ in a frame because it set multiple ‘X-Frame-Options’ headers with conflicting values (‘ALLOW, SAMEORIGIN’). Falling back to ‘deny’.
core.js?v=352bdf8e-4:2 Uncaught DOMException: Failed to read the ‘contentDocument’ property from ‘HTMLIFrameElement’: Blocked a frame with origin “https://000.000.000.000” from accessing a cross-origin frame.
at contents (https://000.000.000.000/core/vendor/core.js?v=352bdf8e-4:2:26378)
at Function.map (https://000.000.000.000/core/vendor/core.js?v=352bdf8e-4:2:3485)
at a.fn.init.n.fn.(anonymous function) [as contents] (https://000.000.000.000/core/vendor/core.js?v=352bdf8e-4:2:26466)
at HTMLIFrameElement. (https://000.000.000.000/apps/files_pdfviewer/js/previewplugin.js?v=352bdf8e-4:76:32)
at HTMLIFrameElement.dispatch (https://000.000.000.000/core/vendor/core.js?v=352bdf8e-4:3:6466)
at HTMLIFrameElement.r.handle (https://000.000.000.000/core/vendor/core.js?v=352bdf8e-4:3:3241)

Hi,

Clearing the browser cache didn’t work, because you are facing a different problem :wink:
Should be a new topic.

This is the relevant message for you:
Refused to display ‘https ://000.000.000.000/index.php/apps/files_pdfviewer…Boxes…PDF’ in a frame because it set multiple ‘X-Frame-Options’ headers with conflicting values (‘ALLOW, SAMEORIGIN’). Falling back to ‘deny’.

Not an issue with the PDF viewer, but with your X-Frame-Options which you probably defined twice and with different values.

1 Like

Thank you. Will make a new topic. Have a great day.

As @lothius wrote me in a PN he could solve the problem

He had to add SAMEORIGIN to both .htaccess and to ssl.params.conf. That solved the problem for him.

So if anyone stumbles accross the same problem, that’s the solution :wink:

2 Likes

Thank you!

Hi - have added ‘X-Frame-Options’ to the .htaccess file:

... Header set X-Frame-Options "ALLOW, SAMEORIGIN"

Hope this is correct :slight_smile:

But where do I find the ssl.params.conf file?

Actually that seems to have done the trick.

:-:slightly_smiling_face:

Actually, seem to be back where I started. Was working for a while - now not working, and cannot open mail either

Refused to display 'https:// … ’ in a frame because it set multiple ‘X-Frame-Options’ headers with conflicting values (‘SAMEORIGIN, ALLOW, SAMEORIGIN’). Falling back to ‘deny’.

I cannot find an X-Frame-Options entry in my apache config, either.

Cheer
DOn

Okay - might open a new issue, as it is driving me nuts.

In Firefox, there is no problem.

With Chrome and Chromebooks, I can either have mail working correctly or I can open PDF’s. But not both.

If I remove the Header set X-Frame-Options "ALLOW, SAMEORIGIN" from the htaccess file, I still get a header X-Frame-Options: SAMEORIGIN and I cannot open PDFs, but I can open mail.

II get the PDF.js v2.0.673 (build: 31012570) Message: Unexpected server response (503) while retrieving PDF error with PDF’s.

If I add header set X-Frame-Options "ALLOW, SAMEORIGIN" to the htaccess file, or add Header always append X-Frame-Options "ALLOW, SAMEORIGIN" cannot open mail, but I can open PDFs. With mail, I get Refused to display 'https://server/index.php/apps/mail/api/accounts/4/folders/SU5CT1g=/messages/16554/html' in a frame because it set multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, ALLOW, SAMEORIGIN'). Falling back to 'deny'.

I cannot see where the SAMEORIGIN header is being set.

Actually - no longer sure what is happening in chrome, but have to go now.

Any help would be appreciated. I cannot work this out.

Cheers

Don

Hi,

That was actually a bad idea. The error message, that you receive

and the message the topic owner had:

actually inform you, that “ALLOW” and “SAMEORIGIN” are completely different settings and they stand in conflict.
This means, your X-Frame-Options should have only “SAMEORIGIN” as value, nothing more.

This header can be set in the .htaccess and in the web server configuration. So check both for the header please and correct the values to be “SAMEORIGIN” only.

After you changed your values, please run a Header scan via:

and copy/paste us the “Raw Headers” part here.

Well, that puts me back to where I started from. Removed from both .htaccess and the apache config file, and the Web Developer thingie give me:

X-Frame-Options: SAMEORIGIN

Still cannot open pdf’s but can open mail. The very problem I was trying to fix. I don’t know where that is being set, either. Default is, AFAIK, deny, and I cannot find any setting in my .htaccess or apache config files.

Anyway - that’s all the time I can spend on it.

But thanks for your help. Sorry I was getting a bit testy there :slight_smile:

Hello.

I was not able to open PDF files any longer after I “hardened” my server, Nextcloud 14.0.4 running on Raspberry Pi.

I went through each change one after other, “post mortem” that is. :smiley:

I had to comment out the following line in the /etc/apache2/apache2.conf

Header always append X-Frame-Options “DENY”

Thanks, and have a nice day.