Hello, just now setting up ownCloud on a LAMP stack / Ubuntu 14 behind a nginx reverse proxy. I can't seem to resolve the following warnings / security holes:
The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.
The "X-Frame-Options" HTTP header is not configured to equal to "SAMEORIGIN". This is a potential security or privacy risk and we recommend adjusting this setting.
make sure that you're not setting the header twice (check with curl).
Also moving to the Miscellenaous category as this is more a webserver related question. You might also need to get some help from a community dedicated to your webservers.
Hi Everyone I run owncloud 10.4.1 and I find the following warning messages:
Security and configuration notices
We recommend enabling system cron since any other method has potential performance and reliability implications.
Some files failed the integrity check. More information on how to solve this problem is available in our documentation. (List of invalid files … / New scan …)
The “X-Content-Type-Options” HTTP header is not configured as “nosniff”. This is a potential risk of data security or confidentiality and we recommend changing this setting.
The “X-Frame-Options” HTTP header is not configured as “SAMEORIGIN”. This is a potential risk of data security or confidentiality and we recommend changing this setting.
if i’m remembering correctly each text has a link to the documentation describing the steps required which i think should help to resolve these hints.