[/details]
Nextcloud version : 20.0.4
Operating system and version: debian 10
Apache or nginx version: nginx 1.14.2
PHP version (eg, 7.4): 7.3
The issue you are facing:
i Cant embed a nextcloud form into my blog using an iFrame.
Is this the first time you’ve seen this error? (Y/N):
No
Steps to replicate it:
- Try to embed a form with iFrame
- see error 'Firefox Can’t Open This Page, To protect your security, cloud.nextcloud.url will not allow Firefox to display the page if another site has embedded it. To see this page, you need to open it in a new window.
- try to change /lib/public/AppFramework/Http/ContentSecurityPolicy.php or nextcloud/lib/private/legacy/OC_Response.php as recomended in Nextcloud 19 server: Allow iframe / embedding from external domains
- restart server
- nothing changes.
The output of your nextcloud/lib/private/legacy/OC_Response.php
// Send fallback headers for installations that don't have the possibility to send
// custom headers on the webserver side
if (getenv('modHeadersAvailable') !== 'true') {
header('Referrer-Policy: no-referrer'); // https://www.w3.org/TR/referrer-policy/
header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
header('X-Download-Options: noopen'); // https://msdn.microsoft.com/en-us/library/jj542450(v=vs.8$
// header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains
header('X-Frame-Options: ALLOW-FROM https://blog.url');
header('X-Content-Security-Policy: frame-ancestors https://*.blog.url');
header('Content-Security-Policy: frame-ancestors https://*.blog.url');
header('X-Permitted-Cross-Domain-Policies: none'); // https://www.adobe.com/devnet/adobe-media-se$
header('X-Robots-Tag: none'); // https://developers.google.com/webmasters/control-crawl-index/doc$
header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
<?php
$CONFIG = array (
'passwordsalt' => 'HERPADERPDERP',
'secret' => 'BLERP',
'trusted_domains' =>
array (
0 => 'localhost',
1 => 'https://cloud.nextcloud.url',
2 => 'https://blog.url',
),
'datadirectory' => '/home/yunohost.app/nextcloud/data',
'dbtype' => 'mysql',
'version' => '20.0.4.0',
'overwrite.cli.url' => 'https://cloud.nextcloud.url',
'dbname' => 'nextcloud',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'nextcloud',
'dbpassword' => 'HERPADERPDERP',
'installed' => true,
'instanceid' => 'HERPADERPDERP',
'ldapIgnoreNamingRules' => false,
'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
'updatechecker' => false,
'memcache.local' => '\\OC\\Memcache\\APCu',
'integrity.check.disabled' => true,
'filelocking.enabled' => true,
'memcache.locking' => '\\OC\\Memcache\\Redis',
'simpleSignUpLink.shown' => false,
'redis' =>
array (
'host' => 'localhost',
'port' => '6379',
'timeout' => '0.0',
'password' => '',
),
'hashing_default_password' => true,
'logout_url' => '',
'app_install_overwrite' =>
array (
0 => 'ownpad',