Hi! First of all, I theoretically know how to fix this, but snap doesn’t allow this approach. So:
I Installed Nextcloud 22.2.0 on my ubuntu server using snap. And I see this:
There are some warnings regarding your setup. The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.
The tip says (and I quote):
This can be achieved by setting the following settings within the Apache VirtualHost file:
But I don’t have access to that file because of snap and/or design choice.
Thus administrators are encouraged to set the HTTP Strict Transport Security header
If I don’t have access, I’m not the administrator. So shouldn’t that be a default setting? Is there a way for me to fix this?
Does the title sound interesting if you read it out loud? Is it a good summary?
I’d say “snap vs. ‘The Strict-Transport-Security’ HTTP header is not set to at least ‘15552000’ seconds.’” doesn’t sound interesting. Hmm. I’ll add “with pirates and explosions” to the title. That’s better.