X-Content/X-Frame problem with Owncloud 10.0.0 running CentOS 7 and PHP 7

Server
1

Hi there, excellent Owncloud masters!

So, I’m fairly new at this whole running an Owncloud server thing, and I’m having a few minor but irritating issues.

Issue:
The “X-Content-Type-Options” HTTP header is not configured to equal to “nosniff”. This is a potential security or privacy risk and we recommend adjusting this setting.
The “X-Frame-Options” HTTP header is not configured to equal to “SAMEORIGIN”. This is a potential security or privacy risk and we recommend adjusting this setting.

The problem is that these settings are already correct. When I check the headers with, for example, keycdn.com, then I find that the server reports:
X-FRAME-OPTIONS: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

Steps to reproduce

  1. Install CentOs 7
  2. Install PHP 7
  3. Install Owncloud 10
    4: Add all settings seemingly correctly.

Expected behaviour

No X-content errors should show up.

Actual behaviour

The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.
The "X-Frame-Options" HTTP header is not configured to equal to "SAMEORIGIN". This is a potential security or privacy risk and we recommend adjusting this setting.

Server configuration

CentOS Linux release 7.3.1611 (Core)

Web server:
Apache 2.4.6

Database:
5.5.52-MariaDB

PHP version:
PHP 7.0.21

ownCloud version: (see ownCloud admin page)
10.0.0 (Minor issue: It seems impossible to update top 1.0.2 despite the admin panel complaining that it wants to be updated.)

Updated from an older ownCloud or fresh install:
Fresh install

Where did you install ownCloud from:
I used this repository: download.owncloud.com

Signing status (ownCloud 9.0 and above):
Newbie status confirmed. I have no idea what this is or how to provide the answer :).

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
File simply says: No erros have been found
``

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

{
    "system": {
        "instanceid": "oc1i7yju93iq",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "filer.friab.se"
        ],
        "datadirectory": "\/var\/www\/html\/owncloud\/data",
        "overwrite.cli.url": "https:\/\/notreal.domain\/owncloud",
        "dbtype": "mysql",
        "version": "10.0.0.12",
        "dbname": "owncloud",
        "dbhost": "localhost",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "UTC",
        "installed": true,
        "maintenance": false,
        "updater.secret": "***REMOVED SENSITIVE VALUE***",
        "filelocking.enabled": true,
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "\/var\/run\/redis\/redis.sock",
            "port": 0,
            "timeout": 0
        }
    }
}

List of activated apps:
Enabled:

  • activity: 2.3.3
  • comments: 0.3.0
  • configreport: 0.1.1
  • dav: 0.2.8
  • federatedfilesharing: 0.3.0
  • federation: 0.1.0
  • files: 1.5.1
  • files_external: 0.7.0
  • files_pdfviewer: 0.8.1
  • files_sharing: 0.10.0
  • files_texteditor: 2.1
  • files_trashbin: 0.9.0
  • files_versions: 1.3.0
  • files_videoplayer: 0.9.8
  • firstrunwizard: 1.1
  • gallery: 15.0.0
  • market: 0.1.0
  • notifications: 0.3.0
  • provisioning_api: 0.5.0
  • systemtags: 0.3.0
  • templateeditor: 0.1
  • updatenotification: 0.2.1
    Disabled:
  • encryption
  • example-theme
  • external
  • files_antivirus
  • user_external

**Are you using external storage, if yes which one:** local/smb/sftp/...
No

**Are you using encryption:** yes/no
No

**Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/...
No


### Client configuration
**Browser:**
Firefox 54.0.1

**Operating system:**
Windows Server 2016 and Windows 10

### Logs

#### Web server error log

Insert your webserver log here


#### ownCloud log (data/owncloud.log)

{“reqId”:“WXns6nAACIdLMFKLHdNwCgAAAAs”,“level”:3,“time”:“2017-07-27T13:38:50+00:00”,“remoteAddr”:“I”,“user”:“admin”,“app”:“PHP”,“method”:“GET”,“url”:“/owncloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json”,“message”:“Redis::connect(): connect() failed: No such file or directory at /var/www/html/owncloud/lib/private/RedisFactory.php#83”}
{“reqId”:“WXns6nAACIdLMFKLHdNwCgAAAAs”,“level”:3,“time”:“2017-07-27T13:38:50+00:00”,“remoteAddr”:“IP”,“user”:“admin”,“app”:“PHP”,“method”:“GET”,“url”:“/owncloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json”,“message”:“You are using a fallback implementation of the intl extension. Installing the native one is highly recommended instead. at /var/www/html/owncloud/lib/composer/patchwork/utf8/src/Patchwork/Utf8/Bootup/intl.php#18”}
{“reqId”:“WXns7CW4vqvy1iukxpjd0AAAAAA”,“level”:3,“time”:“2017-07-27T13:38:52+00:00”,“remoteAddr”:“IP”,“user”:“admin”,“app”:“PHP”,“method”:“GET”,“url”:“/owncloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json”,“message”:“Redis::connect(): connect() failed: No such file or directory at /var/www/html/owncloud/lib/private/RedisFactory.php#83”}
{“reqId”:“WXns7CW4vqvy1iukxpjd0AAAAAA”,“level”:3,“time”:“2017-07-27T13:38:53+00:00”,“remoteAddr”:“IP4”,“user”:“admin”,“app”:“PHP”,“method”:“GET”,“url”:“/owncloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json”,“message”:“You are using a fallback implementation of the intl extension. Installing the native one is highly recommended instead. at /var/www/html/owncloud/lib/composer/patchwork/utf8/src/Patchwork/Utf8/Bootup/intl.php#18”}


#### Browser log

If you think these are needed, then I’d be happy to add them as well.

2

Hi, did you have a look at this github issue? It handles a similar problem: