It is great that NextCloud 11 finally has the public calendar sharing functionality enabled!
So as soon as I upgraded, I went on to embed our public calendar into our public event page as an iframe, only to find that it is not rendered if the web server sends the SAMEORIGIN security header, which I have enabled as Nextcloud recommends.
Our Nextcloud instance has a separate subdomain. Therefore the SAMEORIGIN restriction seems to apply. Is there a way to deal with this situation other than to remove the security header? Either to add an exception for the location /apps/calendar/public/ in the nginx server config (if that's possible) or, which would be the more elegant way, to make our main domain and our Nextcloud subdomain play nicely together by making it clear that they can be considered (by the browser?!) as the same domain?
@LukasReschke Why does the public link page not work? There should usually be nothing hidden or private, because all the authentication information is in the URL and cookies should not be a problem, right?
I am trying to embed a public calendar link to another domain, using NC 14.0.6.
I still get: Refused to display 'https://XXX/index.php/apps/calendar/embed/3RQALNLiTfF7GHTe' in a frame because it set multiple 'X-Frame-Options' headers with conflicting values ('ALLOW, SAMEORIGIN'). Falling back to 'deny'
Isn't there any way to embed the calendar on a different domain currently?
It seems the actual culprit is Content-Security-Policy, because Nextcloud seems to set its own strict values for that header. I tried to manually set a value for that header in the NGINX config, but it seems that Nextcloud generates code that overrides whatever I set. It seems that embedding a public calendar is therefore all but impossible.
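Added example, not part of any post above and not Nextcloud code: a simplified model of the browser's framing decision, following the X-Frame-Options and CSP `frame-ancestors` processing rules, to show why the headers quoted in this thread end in a refusal. The hostnames and header sets are constructed; only one level of framing and the sources `'none'`, `'self'`, `*` and exact origins are modelled.

```javascript
// Added example: simplified model of the browser's framing check.
// Assumptions: one level of nesting; sources limited to 'none', 'self', '*', exact origins.
function xfoAllows(values, embedder, framed) {
  // All X-Frame-Options headers are combined, split on commas, lower-cased, de-duplicated.
  const set = new Set(values.flatMap(v => v.split(','))
    .map(v => v.trim().toLowerCase()).filter(Boolean));
  const known = ['deny', 'allowall', 'sameorigin'];
  if (set.size > 1 && known.some(k => set.has(k)))
    return { allowed: false, reason: 'conflicting X-Frame-Options values, treated as deny' };
  if (set.size !== 1) return { allowed: true, reason: 'no usable X-Frame-Options value' };
  const [only] = set;
  if (only === 'deny') return { allowed: false, reason: 'X-Frame-Options: deny' };
  if (only === 'sameorigin')
    return { allowed: embedder === framed, reason: 'X-Frame-Options: sameorigin' };
  return { allowed: true, reason: 'unrecognised X-Frame-Options value ignored' };
}

function frameAncestors(policy) {
  // Returns the source list of the frame-ancestors directive, or null if absent.
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function framingDecision(headers, embedder, framed) {
  const get = n => headers.filter(([k]) => k.toLowerCase() === n).map(([, v]) => v);
  const lists = get('content-security-policy').flatMap(v => v.split(','))
    .map(frameAncestors).filter(l => l !== null);
  // When any policy carries frame-ancestors, X-Frame-Options is not consulted.
  if (lists.length === 0) return xfoAllows(get('x-frame-options'), embedder, framed);
  // Every policy must list the embedding origin ('none' or an empty list matches nothing).
  const ok = lists.every(srcs => srcs.some(s =>
    s === '*' || (s === "'self'" && embedder === framed) || s === embedder));
  return { allowed: ok, reason: 'Content-Security-Policy frame-ancestors' };
}

// Constructed sample: calendar on a subdomain, event page on the main site.
const FRAMED = 'https://cloud.example.org', EMBEDDER = 'https://www.example.org';
const DUPLICATED_XFO = [['X-Frame-Options', 'ALLOW'], ['X-Frame-Options', 'SAMEORIGIN']];
console.log(framingDecision(DUPLICATED_XFO, EMBEDDER, FRAMED));
```

Running the same function over the headers captured from the embed URL (for instance from the browser's network panel) shows which header decides: a second X-Frame-Options header added at the web server conflicts with the application's own, while a `frame-ancestors` list that names the embedding origin takes precedence over X-Frame-Options.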