NextCloud 14.0.2, Ubuntu 18.04.1, Apache 2.4.29
Interesting situation … if this line:
Header always set X-Frame-Options SAMEORIGIN
appears in my httpd.conf, I get the message:
The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN"
in the Settings | Administration | Overview screen. If I inspect the headers, that header shows up twice. (And I understand that’s not a good thing, so I get why Nextcloud would complain about it - although the warning message could be more informative.)
That header directive is not in my .htaccess file (or anyplace else I can find). So two questions:
#1, where is the second instance coming from?
#2, why doesn’t “always set” just override any existing header?