Hi!
I have a fresh installed Nextcloud 11.0.3.2 on my webspace. I can access it without any problems by an browser or via Thunderbird or via Android client aCal.
But I cannot sync my tasks in Thunderbird and I cannot get Nextcloud Android client to work. On Android only aCal and aCalTasks does its work.
When I start Nextcloud via Browser, I get error message, concerning the htaccess. I have not changed the htaccess, which came with Nextcloud. Further there is no htaccess from which some rules could be inherit. Therefore the following security rules should show effect:
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set X-Robots-Tag "none"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Download-Options "noopen"
Header set X-Permitted-Cross-Domain-Policies "none"
But the message of Nextcloud shows, that all these rules are not effective.
I am running several websites on the same webspace and each website has a htaccess with exact these rules in it, working effectively! So I am sure, that it is not a question of server configuration and mod_env
I want to have a very secure Nextcloud installation and therefore I would be happy to get some tipps, how I can make sure, that the safety rules in the htaccess will do what is requiered!