dschulz
September 4, 2016, 12:10pm
1
Hi,
after doing a fresh install of Nextcloud 10 on Debian 8, mysql, I cannot add or configure APPs. Opening the dropdown menu on the left side of the web interface shows the activated apps with the spinning wheel. The apps “activity” can be started and seems to work, starting “Apps” results in spinning wheel on the left and right side of the web ui, no progress even after waiting a very long time.
Nextcloud.log is empty.
Any idea what might have happend?
Thanks for your ideas!
Hi @dschulz ,
I am sorry to hear about your problems with configuring your Nextcloud. Could you please provide some more information about your instance (OS, Webserver, PHP, …) … The easiest way to do this would be to fill out the issue template you will find here:
<!--
Thanks for reporting issues back to Nextcloud! This is the issue tracker of Nextcloud, if you have any support question please check out https://nextcloud.com/support
This is the bug tracker for the Server component. Find other components at https://github.com/nextcloud/
For reporting potential security issues please see https://nextcloud.com/security/
To make it possible for us to help you please fill out below information carefully.
You can also use the Issue Template application to prefill most of the required information: https://apps.nextcloud.com/apps/issuetemplate
If you are a customer, please submit your issue directly in the Nextcloud Portal https://portal.nextcloud.com so it gets resolved more quickly by our dedicated engineers.
Note that Nextcloud is an open source project backed by Nextcloud GmbH. Most of our volunteers are home users and thus primarily care about issues that affect home users. Our paid engineers prioritize issues of our customers. If you are neither a home user nor a customer, consider paying somebody to fix your issue, do it yourself or become a customer.
-->
### Steps to reproduce
1.
2.
3.
### Expected behaviour
This file has been truncated. show original
Thank you
Marius
dschulz
September 4, 2016, 4:22pm
3
Hi Marius,
I have just found the reason for the problems. Due to a security audit I have set a few Headers within Apache.
Removing the following solved my problem:
Header set Content-Security-Policy “default-src https:”
Here is a complete list of my headers:
<IfModule mod_headers.c>
Header set X-Content-Type-Options nosniff
Header set X-Frame-Options DENY
Header set Content-Security-Policy "frame-ancestors 'none'"
Header set X-XSS-Protection "1; mode=block"
# Header set Content-Security-Policy "default-src https:"
</IfModule>
Perhaps you have an idea what have happened.
OS is Debian 8.5
web server is Apache 2.4.10
Thanks a lot
Dirk
rullzer
September 5, 2016, 7:26am
4
This probably happens because we set the CSP policy as well. @LukasReschke should know more
Your CSP header is not really more secure than the one we ship by default. Also, don’t set such headers yourself. It will break stuff.