Hello, I installed Nextcloud successfully a few weeks ago and the Overview page wasn’t showing any errors. To my surprise now it’s saying the following;
Some headers are not set correctly on your instance - The `X-Robots-Tag` HTTP header is not set to `noindex,nofollow`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly. - The `X-Frame-Options` HTTP header is not set to `sameorigin`. Some features might not work correctly, as it is recommended to adjust this setting accordingly. - The `X-Permitted-Cross-Domain-Policies` HTTP header is not set to `none`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly. For more details see the documentation ↗.
I’m not sure how to fix this in Nextcloud itself but running the command
curl -I https://cloud.domain.tld
in a cmd prompt on Windows gave me the following results;
4 hours ago, i turned off the server to upgrade ram and now its saying that the X-headers are missconfigured, and if i check the security of the server it says its okay. this is really Odd.
I see this error on only one of two identical nc29 docker installations - one shows no warning the other one does!
no issue with production instance running NC28.0.6
I found my issue - the problem is related to SSO activated in the instance where the orror occurs. If SSO is active unauthenticated requests are forwarded to an IdP. for details in this GH issues