Add some generic default headers as well via PHP

author: Lukas Reschke <lukas@owncloud.com> 2015-03-26 15:30:00 +0100
committer: Lukas Reschke <lukas@owncloud.com> 2015-03-26 22:32:57 +0100
commit: 9d1ce53cb1e4f3f8d04de2e442e2928f3e7bab7c (patch)
tree: 7211c2361a63aebfedff4c529a3df3d3995af8b5 /core/js/setupchecks.js
parent: 74a9fc29b43b54ec8aa9f6b9cac1cbfa4a5136e2 (diff)
download: nextcloud-server-9d1ce53cb1e4f3f8d04de2e442e2928f3e7bab7c.tar.gz
nextcloud-server-9d1ce53cb1e4f3f8d04de2e442e2928f3e7bab7c.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js
index d5bd1c465b2..67925d75d34 100644
--- a/core/js/setupchecks.js
+++ b/core/js/setupchecks.js
@@ -115,9 +115,9 @@
 				};
 
 				for (var header in securityHeaders) {
-					if(xhr.getResponseHeader(header) !== securityHeaders[header]) {
+					if(!xhr.getResponseHeader(header) || xhr.getResponseHeader(header).toLowerCase() !== securityHeaders[header].toLowerCase()) {
 						messages.push(
-							t('core', 'The "{header}" HTTP header is not configured to equal to "{expected}". This is a potential security risk and we recommend adjusting this setting.', {header: header, expected: securityHeaders[header]})
+							t('core', 'The "{header}" HTTP header is not configured to equal to "{expected}". This is a potential security or privacy risk and we recommend adjusting this setting.', {header: header, expected: securityHeaders[header]})
 						);
 					}
 				}
author	Lukas Reschke <lukas@owncloud.com>	2015-03-26 15:30:00 +0100
committer	Lukas Reschke <lukas@owncloud.com>	2015-03-26 22:32:57 +0100
commit	9d1ce53cb1e4f3f8d04de2e442e2928f3e7bab7c (patch)
tree	7211c2361a63aebfedff4c529a3df3d3995af8b5 /core/js/setupchecks.js
parent	74a9fc29b43b54ec8aa9f6b9cac1cbfa4a5136e2 (diff)
download	nextcloud-server-9d1ce53cb1e4f3f8d04de2e442e2928f3e7bab7c.tar.gz nextcloud-server-9d1ce53cb1e4f3f8d04de2e442e2928f3e7bab7c.zip