Fix security header setting in .htaccess by adding 'onsuccess unset' - nextcloud-server.git - Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server

diff options

author	zertrin <zertrin@gmail.com>	2020-01-19 23:53:08 +0800
committer	zertrin <zertrin@gmail.com>	2020-03-05 11:11:09 +0800
commit	af5380f5a87cca9240fbaacc1e28ae20b607cdea (patch)
tree	9a9a8d77969d14374a68ab554674f2c65d78e518 /core/Controller/NavigationController.php
parent	48b374f68396bbfd11c858c18038995d806a48b2 (diff)
download	nextcloud-server-af5380f5a87cca9240fbaacc1e28ae20b607cdea.tar.gz nextcloud-server-af5380f5a87cca9240fbaacc1e28ae20b607cdea.zip

Fix security header setting in .htaccess by adding 'onsuccess unset'

The headers might already be set by the system administrator at the http server level (apache or nginx) for some or all virtualhosts. Using "always set" in the .htaccess of Nextcloud leads to the situation where the headers might be set twice (once in the default 'onsuccess' table and once in the 'always' table)! Which leads to warnings in the admin area. Adding "onsuccess unset" solves the problem, and forces the header in the 'onsucess' table to be unset, and the header in the 'always' table to be set. NOTE: with this change, Nextcloud overrides whatever the system administrator might have already set See github issues #16893 #16476 #16938 #18017 and discussion in PR #19002 Signed-off-by: zertrin <zertrin@gmail.com>

Diffstat (limited to 'core/Controller/NavigationController.php')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: