Hi there, excellent Owncloud masters!
So, I'm fairly new at this whole running an Owncloud server thing, and I'm having a few minor but irritating issues.
Issue:
The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.
The "X-Frame-Options" HTTP header is not configured to equal to "SAMEORIGIN". This is a potential security or privacy risk and we recommend adjusting this setting.
The problem is that these settings are already correct. When I check the headers with, for example, keycdn.com, then I find that the server reports:
X-FRAME-OPTIONS: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
### Steps to reproduce
1. Install CentOS 7
2. Install PHP 7
3. Install Owncloud 10
4. Add all settings seemingly correctly.
### Expected behaviour
No X-content errors should show up.
### Actual behaviour
The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.
The "X-Frame-Options" HTTP header is not configured to equal to "SAMEORIGIN". This is a potential security or privacy risk and we recommend adjusting this setting.
### Server configuration
CentOS Linux release 7.3.1611 (Core)
**Web server:**
Apache 2.4.6
**Database:**
5.5.52-MariaDB
**PHP version:**
PHP 7.0.21
**ownCloud version:** (see ownCloud admin page)
10.0.0 (Minor issue: It seems impossible to update to 1.0.2 despite the admin panel complaining that it wants to be updated.)
**Updated from an older ownCloud or fresh install:**
Fresh install
**Where did you install ownCloud from:**
I used this repository: https://download.owncloud.org/download/repositories/stable/CentOS_7/repodata/repomd.xml.key
**Signing status (ownCloud 9.0 and above):**
Newbie status confirmed. I have no idea what this is or how to provide the answer :).
Login as admin user into your ownCloud and access
http://example.com/index.php/settings/integrity/failed
File simply says: No errors have been found
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder
```
{
    "system": {
        "instanceid": "oc1i7yju93iq",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "filer.friab.se"
        ],
        "datadirectory": "\/var\/www\/html\/owncloud\/data",
        "overwrite.cli.url": "https:\/\/notreal.domain\/owncloud",
        "dbtype": "mysql",
        "version": "10.0.0.12",
        "dbname": "owncloud",
        "dbhost": "localhost",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "UTC",
        "installed": true,
        "maintenance": false,
        "updater.secret": "***REMOVED SENSITIVE VALUE***",
        "filelocking.enabled": true,
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "\/var\/run\/redis\/redis.sock",
            "port": 0,
            "timeout": 0
        }
    }
}
```
List of activated apps:
Enabled:
- activity: 2.3.3
- comments: 0.3.0
- configreport: 0.1.1
- dav: 0.2.8
- federatedfilesharing: 0.3.0
- federation: 0.1.0
- files: 1.5.1
- files_external: 0.7.0
- files_pdfviewer: 0.8.1
- files_sharing: 0.10.0
- files_texteditor: 2.1
- files_trashbin: 0.9.0
- files_versions: 1.3.0
- files_videoplayer: 0.9.8
- firstrunwizard: 1.1
- gallery: 15.0.0
- market: 0.1.0
- notifications: 0.3.0
- provisioning_api: 0.5.0
- systemtags: 0.3.0
- templateeditor: 0.1
- updatenotification: 0.2.1
Disabled:
- encryption
- example-theme
- external
- files_antivirus
- user_external
**Are you using external storage, if yes which one:** local/smb/sftp/...
No
**Are you using encryption:** yes/no
No
**Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/...
No
### Client configuration
**Browser:**
Firefox 54.0.1
**Operating system:**
Windows Server 2016 and Windows 10
### Logs
#### Web server error log
Insert your webserver log here
#### ownCloud log (data/owncloud.log)
{"reqId":"WXns6nAACIdLMFKLHdNwCgAAAAs","level":3,"time":"2017-07-27T13:38:50+00:00","remoteAddr":"I","user":"admin","app":"PHP","method":"GET","url":"\/owncloud\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","message":"Redis::connect(): connect() failed: No such file or directory at \/var\/www\/html\/owncloud\/lib\/private\/RedisFactory.php#83"}
{"reqId":"WXns6nAACIdLMFKLHdNwCgAAAAs","level":3,"time":"2017-07-27T13:38:50+00:00","remoteAddr":"IP","user":"admin","app":"PHP","method":"GET","url":"\/owncloud\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","message":"You are using a fallback implementation of the intl extension. Installing the native one is highly recommended instead. at \/var\/www\/html\/owncloud\/lib\/composer\/patchwork\/utf8\/src\/Patchwork\/Utf8\/Bootup\/intl.php#18"}
{"reqId":"WXns7CW4vqvy1iukxpjd0AAAAAA","level":3,"time":"2017-07-27T13:38:52+00:00","remoteAddr":"IP","user":"admin","app":"PHP","method":"GET","url":"\/owncloud\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","message":"Redis::connect(): connect() failed: No such file or directory at \/var\/www\/html\/owncloud\/lib\/private\/RedisFactory.php#83"}
{"reqId":"WXns7CW4vqvy1iukxpjd0AAAAAA","level":3,"time":"2017-07-27T13:38:53+00:00","remoteAddr":"IP4","user":"admin","app":"PHP","method":"GET","url":"\/owncloud\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","message":"You are using a fallback implementation of the intl extension. Installing the native one is highly recommended instead. at \/var\/www\/html\/owncloud\/lib\/composer\/patchwork\/utf8\/src\/Patchwork\/Utf8\/Bootup\/intl.php#18"}
#### Browser log
If you think these are needed, then I'd be happy to add them as well.