The database is missing some indexes. Due to the fact that adding indexes on big tables could take some time they were not added automatically. By running “occ db:add-missing-indices” those missing indexes could be added manually while the instance keeps running. Once the indexes are added queries to those tables are usually much faster.
Missing index “share_with_index” in table “oc_share”.
Missing index “parent_index” in table “oc_share”.
Missing index “fs_mtime” in table “oc_filecache”.
2. The “Referrer-Policy” HTTP header is not set to “no-referrer”, “no-referrer-when-downgrade”, “strict-origin” or “strict-origin-when-cross-origin”. This can leak referer information.
i guess this could be solved by this thread (haven’t tried it yet, though)
Error PHP Undefined index: parent at /var/www/nextcloud/lib/private/Files/Cache/Cache.php#168 2018-12-10T22:17:57+0100
yes. user is www-data… too bad that your command showed no result on the screen
That’s probably not the right thread. In the earlier versions the header needed to be added manually, but with NC 14.0.4 the header was added already. Usually, the check fails, if the header is set twice.
Or removing the header from one of the locations. I’m currently trying to find the many threads that were opened recently. If I find them, I’ll post them here.
For the DB part, run: sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices
root@nextcloud:/var/log# sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices
An unhandled exception has been thrown:
ArgumentCountError: Too few arguments to function OCA\GroupFolders\Command\ExpireGroupVersions::__construct(), 0 passed in /var/www/nextcloud/lib/private/Console/Application.php on line 222 and exactly 1 expected in /var/www/nextcloud/apps/groupfolders/lib/Command/ExpireGroupVersions.php:34
Stack trace: #0 /var/www/nextcloud/lib/private/Console/Application.php(222): OCA\GroupFolders\Command\ExpireGroupVersions->__construct() #1 /var/www/nextcloud/lib/private/Console/Application.php(134): OC\Console\Application->loadCommandsFromInfoXml(Array) #2 /var/www/nextcloud/console.php(95): OC\Console\Application->loadCommands(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput)) #3 /var/www/nextcloud/occ(11): require_once(‘/var/www/nextcl…’)
Here we go:
the other solution is, to remove or comment the header setting from the apache config file (/etc/apache2/apache2.conf):
To remove it from the .htaccess now, doesn’t make any sense to me, because it will be added by nextcloud with every update. Removing Header always set Referrer-Policy "no referrer" from apache config should be more future-proof.
Did you update the app groupfolders to the latest version right before?
When I wanted to run occ to find out the correct commands for the DB index I noticed that occ didn’t run on my server as well. For me this issue occured with the last groupfolders update.
I “solved” that issue by moving the “groupfolders” folder out of /var/www/nextcloud/apps/; i.e. mv /var/www/nextcloud/apps/groupfolders ~/
I don’t suggest moving version 2.0 back in. On github the users are reporting heavy server load and log file flooding.
Best is probably to wait for the next version and install the new and fixed version from the app store. I’ll do that this way.
And yeah, the other message will probably disappear as soon as you comment out one content-policy-header setting.
can you run your site through securityheaders.com and see whether it says something along the lines in the “Warning box”
There was a duplicate.....
If there is, this is causing the message Header always set Referrer-Policy "no referrer" to appear in your admin panel.
I had the same issue and checked in the apache configs as well as in the nginx configs and the .htaccess. I agree with Schmu, I would leave it in the .htaccess since NC is always adding it there with each update you do.
Ah I remember this one as well but couldn’t find a proper solution for it as of now. As far as I understand, NC is setting this SecurityHeader automatically via a PHP file but for some odd reason, it doesn’t work on all of the servers I tried it on.
I keep looking at this and will get back as soon as I found something
“unsafe-eval” was necessary for NC to work at all. With NC15 developers were finally able (after long time of trying/ changing code) to remove that header. Still a few apps have to be changed to continue working without this header setting.
Nonetheless, don’t worry about it, for the time you still use <=NC14.0.4.
Developers already reduced the risk of that header by creating a nounce (probably not the correct terminology).
The feature policy header was also introduced in NC15 afaik. This is a very new header anyway. Just wait for NC15, it’s totally fine.
Hi guys, I just wanted to update you, that NC15 indeed removed unsafe-eval from the CSP. I just checked that on my server.
For “Feature-Policy” on the other hand I cannot make a reliable statement. I “fixed” that for me before and don’t want to remove that for now. Maybe you can perform the header scan again, when on NC15 and report back, if the test tells that Feature-Policy is set.
For CSS it is still unsafe-inline by the way. I think this is still in for backward compatibility of apps which haven’t been fully updated. Will be fixed soon I guess.