Hey
I have been from the 17.0.1 update trying to fix the error I have
-
The “Referrer-Policy” HTTP header is not set to “no-referrer”, “no-referrer-when-downgrade”, “strict-origin”, “strict-origin-when-cross-origin” or “same-origin”.
This is my .htaccess in the NextCloud folder
# Add security and privacy related headers Header always set Referrer-Policy "no-referrer" Header set Referrer-Policy "no-referrer-when-downgrade" Header set Referrer-Policy "strict-origin" Header set Referrer-Policy "strict-origin-when-cross-origin" Header set Referrer-Policy "same-origin" Header always set X-Content-Type-Options "nosniff" Header always set X-Download-Options "noopen" Header always set X-Frame-Options "SAMEORIGIN" Header always set X-Permitted-Cross-Domain-Policies "none" Header always set X-Robots-Tag "none" Header always set X-XSS-Protection "1; mode=block" SetEnv modHeadersAvailable true
```
SetEnvIfNoCase ^Authorization$ “(.+)” XAUTHORIZATION=$1
RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
SetEnvIfNoCase Authorization “(.+)” HTTP_AUTHORIZATION=$1
Add cache control for static resources
<FilesMatch “.(css|js|svg|gif)$”>
Header set Cache-Control “max-age=15778463”
Let browsers cache WOFF files for a week
<FilesMatch “.woff2?$”>
Header set Cache-Control “max-age=604800”
php_value mbstring.func_overload 0
php_value default_charset ‘UTF-8’
php_value output_buffering 0
SetEnv htaccessWorking true
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} DavClnt
RewriteRule ^$ /remote.php/webdav/ [L,R=302]
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^.well-known/host-meta /public.php?service=host-meta [QSA,L]
RewriteRule ^.well-known/host-meta.json /public.php?service=host-meta-json [QSA,L]
RewriteRule ^.well-known/webfinger /public.php?service=webfinger [QSA,L]
RewriteRule ^.well-known/nodeinfo /public.php?service=nodeinfo [QSA,L]
RewriteRule ^.well-known/carddav /remote.php/dav/ [R=301,L]
RewriteRule ^.well-known/caldav /remote.php/dav/ [R=301,L]
RewriteRule ^remote/(.) remote.php [QSA,L]
RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/. - [R=404,L]
RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*
RewriteRule ^(?:.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
DirectoryIndex index.php index.html
AddDefaultCharset utf-8
Options -Indexes
ModPagespeed Off
DO NOT CHANGE ANYTHING ABOVE THIS LINE
ErrorDocument 403 //
ErrorDocument 404 //
//
** It's from Apche **
<VirtualHost *:80>
DocumentRoot “/usr/local/www/apache24/data/nextcloud”
ServerName 1234
Redirect permanent / https://1234/
RewriteEngine on
RewriteCond %{SERVER_NAME} =1234
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
#ErrorLog ${APACHE_LOG_DIR}/error.log
#CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /usr/local/www/apache24/data/nextcloud/>
Options +FollowSymlinks
AllowOverride All
Header always set X-Frame-Options “SAMEORIGIN”
Header always set Referrer-Policy “no-referrer”
Header set Referrer-Policy “no-referrer-when-downgrade”
Header set Referrer-Policy “strict-origin”
Header set Referrer-Policy “strict-origin-when-cross-origin”
Header set Referrer-Policy “same-origin”
Dav off
SetEnv HOME /usr/local/www/apache24/data/nextcloud
SetEnv HTTP_HOME /usr/local/www/apache24/data/nextcloud
Satisfy Any
<VirtualHost *:443>
ServerName 1234
DirectoryIndex index.php
DocumentRoot /usr/local/www/apache24/data/nextcloud
SSLCertificateFile /usr/local/etc/letsencrypt/live/1234/fullchain.pem
SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/1234/privkey.pem
SSLEngine on
Intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
<Directory /usr/local/www/apache24/data/nextcloud>
AllowOverride all
Header always set Referrer-Policy “no-referrer”
Header set Referrer-Policy “no-referrer-when-downgrade”
Header set Referrer-Policy “strict-origin”
Header set Referrer-Policy “strict-origin-when-cross-origin”
Header set Referrer-Policy “same-origin”
Header always set Strict-Transport-Security “max-age=15552000; includeSubDomains”
```
Don’t know what happened to add code on this site but it’s not good
Don’t know what’s wrong
Thanks