I just installed Nextcloud 220.127.116.11 and everything works fine. No error messages. I then ran a security scan at https://scan.nextcloud.com and 1 problem popped up. __Host-Prefix has a red “x” beside it and says “The __Host prefix mitigates cookie injection vulnerabilities within potential third-party software sharing the same second level domain. It is an additional hardening on top of ‘normal’ same-site cookies.”
I’ve looked this up on Google and tried numerous fixes but none of them work, plus they are all for older versions of Nextcloud. Anyone know how to get __Host-Prefix to pass on the nextcloud security scan?
I’ve tried …
Header always set Referrer-Policy “no-referrer”
Header always set Strict-Transport-Security “max-age=31536000; includeSubDomains; preload”
You’ve linked me to a post telling me to remove alias from my Apache configuration yet I stated in my original post that I had already tried that. I tried it again but again I got the same error message from the scan.