On the “Security & setup warnings” page I see this warning in bright red:
The "X-Frame-Options" HTTP header is not configured to equal to "SAMEORIGIN".
I’ve double checked the Apache configuration and again checked with curl and the browser inspector. SAMEORIGIN is set. It appears X-Frame-Options is set twice. According to what I’ve found on other related topics, this header is set by NextCloud itself, hence it is set twice.
I can’t find the documentation about where to tell NextCloud to not set X-Frame-Options as it’s already taken care of server-side. Any help would be great.
Sorry if duplicate, I can’t find any suitable answer