Problems with Referrer-Policy

Hey

Since the 17.0.1 update I have been trying to fix the error I have:

  • The “Referrer-Policy” HTTP header is not set to “no-referrer”, “no-referrer-when-downgrade”, “strict-origin”, “strict-origin-when-cross-origin” or “same-origin”.

    This is my .htaccess in the NextCloud folder
    ```


    SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
    RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION


    SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1

    # Add security and privacy related headers
    Header always set Referrer-Policy "no-referrer"
    Header set Referrer-Policy "no-referrer-when-downgrade"
    Header set Referrer-Policy "strict-origin"
    Header set Referrer-Policy "strict-origin-when-cross-origin"
    Header set Referrer-Policy "same-origin"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Download-Options "noopen"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Permitted-Cross-Domain-Policies "none"
    Header always set X-Robots-Tag "none"
    Header always set X-XSS-Protection "1; mode=block"
    SetEnv modHeadersAvailable true

    # Add cache control for static resources
    <FilesMatch "\.(css|js|svg|gif)$">
      Header set Cache-Control "max-age=15778463"
    </FilesMatch>

    # Let browsers cache WOFF files for a week
    <FilesMatch "\.woff2?$">
      Header set Cache-Control "max-age=604800"
    </FilesMatch>



    php_value mbstring.func_overload 0
    php_value default_charset 'UTF-8'
    php_value output_buffering 0

    SetEnv htaccessWorking true



    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} DavClnt
    RewriteRule ^$ /remote.php/webdav/ [L,R=302]
    RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
    RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
    RewriteRule ^\.well-known/webfinger /public.php?service=webfinger [QSA,L]
    RewriteRule ^\.well-known/nodeinfo /public.php?service=nodeinfo [QSA,L]
    RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
    RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
    RewriteRule ^remote/(.*) remote.php [QSA,L]
    RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
    RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
    RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]


    AddType image/svg+xml svg svgz
    AddEncoding gzip svgz


    DirectoryIndex index.php index.html

    AddDefaultCharset utf-8
    Options -Indexes

    ModPagespeed Off

#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####

ErrorDocument 403 //
ErrorDocument 404 //
//
# ** It's from Apache **
<VirtualHost *:80>
DocumentRoot "/usr/local/www/apache24/data/nextcloud"
ServerName 1234
Redirect permanent / https://1234/
RewriteEngine on
RewriteCond %{SERVER_NAME} =1234
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
#ErrorLog ${APACHE_LOG_DIR}/error.log
#CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /usr/local/www/apache24/data/nextcloud/>
Options +FollowSymlinks
AllowOverride All
Header always set X-Frame-Options "SAMEORIGIN"

Header always set Referrer-Policy "no-referrer"
Header set Referrer-Policy "no-referrer-when-downgrade"
Header set Referrer-Policy "strict-origin"
Header set Referrer-Policy "strict-origin-when-cross-origin"
Header set Referrer-Policy "same-origin"
Dav off

SetEnv HOME /usr/local/www/apache24/data/nextcloud
SetEnv HTTP_HOME /usr/local/www/apache24/data/nextcloud
Satisfy Any
</Directory>
</VirtualHost>

<VirtualHost *:443>
ServerName 1234
DirectoryIndex index.php
DocumentRoot /usr/local/www/apache24/data/nextcloud
SSLCertificateFile /usr/local/etc/letsencrypt/live/1234/fullchain.pem
SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/1234/privkey.pem
SSLEngine on

# Intermediate configuration, tweak to your needs

SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
<Directory /usr/local/www/apache24/data/nextcloud>
AllowOverride all


Header always set Referrer-Policy "no-referrer"
Header set Referrer-Policy "no-referrer-when-downgrade"
Header set Referrer-Policy "strict-origin"
Header set Referrer-Policy "strict-origin-when-cross-origin"
Header set Referrer-Policy "same-origin"
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</Directory>
</VirtualHost>


```

Don’t know what happened to add code on this site but it’s not good
Don’t know what’s wrong
Thanks
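
A small check, added here as an example and not part of the original post or of Nextcloud, that models the documented mod_headers rules (`set` replaces the earlier value in its table; `always` and the default `onsuccess` are separate tables) to show which values survive the five directives in the post. The function names and the `POSTED` sample are constructed for illustration, and only the `set` action is modelled.

```python
import re

# The five values named in the warning quoted in the post.
ALLOWED = {"no-referrer", "no-referrer-when-downgrade", "strict-origin",
           "strict-origin-when-cross-origin", "same-origin"}

# Matches: Header [always|onsuccess] set Referrer-Policy <value>
DIRECTIVE = re.compile(
    r"^\s*Header\s+(?:(always|onsuccess)\s+)?set\s+Referrer-Policy\s+(.+?)\s*$",
    re.IGNORECASE)

def resolve(config_text):
    """Return the value left in each mod_headers table after all directives.

    'set' replaces any earlier value of the same header in its table, and
    'always' and 'onsuccess' (the default) are two separate tables.
    """
    tables = {"always": None, "onsuccess": None}
    for line in config_text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            value = m.group(2)
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # only ASCII quotes delimit the argument
            tables[(m.group(1) or "onsuccess").lower()] = value
    return tables

def audit(config_text):
    """List problems with the resolved Referrer-Policy values."""
    tables = resolve(config_text)
    problems = [f"{name}: {value!r} is not an accepted value"
                for name, value in tables.items()
                if value is not None and value not in ALLOWED]
    if None not in tables.values() and tables["always"] != tables["onsuccess"]:
        problems.append("always and onsuccess tables hold different values")
    if all(v is None for v in tables.values()):
        problems.append("Referrer-Policy is never set")
    return problems

# Constructed input: the five directives from the post, with ASCII quotes.
POSTED = '''
Header always set Referrer-Policy "no-referrer"
Header set Referrer-Policy "no-referrer-when-downgrade"
Header set Referrer-Policy "strict-origin"
Header set Referrer-Policy "strict-origin-when-cross-origin"
Header set Referrer-Policy "same-origin"
'''

if __name__ == "__main__":
    print(resolve(POSTED))
    print(audit(POSTED))
```

Comparing the result with the `Referrer-Policy` lines in the output of `curl -sI` against the server shows what the browser actually receives.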

If you insert a line with three backticks (```) above and below the code you want to provide, it will be more readable :wink:

Didn’t really help