Nextcloud version: 18.0.4
Operating system and version: Raspbian Buster Lite 4.19
Apache: Apache/2.4.38 (Raspbian)
PHP version: PHP 7.3.14
The issue you are facing: I want to embed my nextcloud via iframe in my smarthome interface (ioBroker) but I keep getting an error message /embedding doesn’t work. I already looked into several other topics in this forum but nothing seems to work for me (or possibly I made a mistake)
ioBroker is running on a raspberry Pi (192.168.0.199), nextcloud on another raspberry (192.168.0.157)
I am pretty new to all of this and I am aware of the security risk what some of this involves but neither of those are connected to the internet.
Error message on my vis in iobroker: redirected you too many times.
What I’ve tried
- uncommented header(‘X-Frame-Options: SAMEORIGIN’); // Disallow iFraming from other domains
// Send fallback headers for installations that don't have the possibility to send
// custom headers on the webserver side
//header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains
- Changed /var/www/html/nextcloud/lib/public/AppFramework/Http/ContentSecurityPolicy.php
/** @var array Domains from which iframes can be loaded */
protected $allowedFrameDomains = [
'http://*.192.168.0.199',
];
/** @var array Domains which can embed this Nextcloud instance */
protected $allowedFrameAncestors = [
'\'self\'',
'http://*.192.168.0.199',
];
- Uncommented .htaccess Frame Options
<IfModule mod_env.c>
# Add security and privacy related headers
Header always set Referrer-Policy "no-referrer"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Download-Options "noopen"
# Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Permitted-Cross-Domain-Policies "none"
Header always set X-Robots-Tag "none"
Header always set X-XSS-Protection "1; mode=block"
SetEnv modHeadersAvailable true
</IfModule>
Thanks for any help