Setting X-Frame-Options


#1

Hello, I am trying to solve what seems like a common problem. I think I understand what the problem is but I cannot find out where to edit to solve it. PDFs do not display in viewer, showing only a blank page. This depends on an incorrect conflicting X-Frame-Options value but I cannot understand in which configuration file this value is. My search for the error has shown a very probable cause and explanations of the value to edit, but not where the file to be edited is located.

Steps to reproduce
1. Open any PDF (not corrupt, normally readable)

Expected behaviour
PDF is displayed in PDF viewer page

Actual behaviour
Blank page is shown

Server configuration
Operating system: Ubuntu 16.04
Web server: Apache2
Database: MySQL
PHP version: 7.0.15
ownCloud version (see ownCloud admin page): 9.1.4
Updated from an older ownCloud or fresh install: fresh
Special configuration (external storage, external authentication, reverse proxy, server-side-encryption):

Javascript console says
"Refused to display [PDF] in a frame because it set multiple 'X-Frame-Options' headers with conflicting values ('DENY, SAMEORIGIN, SAMEORIGIN'). Falling back to 'deny'."

It appears I should edit the value to SAMEORIGIN only. The error appears to depend on NGINX reverse proxy and a related post is displayed, but I cannot understand how to edit as I have no /etc/nginx directory in my directory tree and I do not know how this works.
Thank you for any assistance.


#2

Hi,

for configuration support on nginx please jump over to the support of nginx [1] which can help / teach you how to configure nginx correctly.

From ownCloud side its just important that you're using the example config provided in [2] as this won't set multiple headers.

[1] https://www.nginx.com/support/

[2] https://doc.owncloud.org/server/latest/admin_manual/installation/nginx_examples.html#example-configurations.


#3

Thank you for the examples but for all the references to the "nginx configuration file" I cannot understand where this file is located since I do not have an /etc/nginx directory and I can see no mention of nginx in the /owncloud directory.


#4

I have also searched for the configuration file at
/usr/local/nginx/conf/nginx.conf
and /usr/local/etc/nginx/nginx.conf
but /nginx sub-dir does not exist in either case.


#5

We can't tell you in here where those files are located. It highly depends on the way you did the installation of you webserver and similar, this is nothing ownCloud specific.

Please either ask for help at the nginx support or a community dedicated to your used linux distribution


#6

Btw. are you sure that you're running a nginx reverse proxy?


#7

That is the point, I am not sure of it at all, the error is stated in the Javascript message I posted and the only explanations I could find were that it is an nginx problem, but I doubt nginx is even installed on my system, which is a stock Ubuntu 16.04 with oC installed via apt-get and working perfectly except for this PDF viewer error. I am trying to ascertain where exactly the SAMEORIGIN value should be edited.


#8

So if you're only running Apache then a good starting point would be a community like [1] or any of the apache support options listed at [2]. They might be able to tell you which files to edit and how to configure this.

Overall ownCloud is setting an X-Frame-Options: SAMEORIGIN on its own so something in your webserver / environment is adding this additional duplicated statements and the mentioned resources might be able to help you.

[1] http://www.apachelounge.com/

[2] https://httpd.apache.org/support.html