Hosting my own ownCloud server and it works very well... Love it... However....
I logged in as admin today and had my first error...
The "X-Frame-Options" HTTP header is not configured to equal to "SAMEORIGIN". This is a potential security or privacy risk and we recommend adjusting this setting.
I have tried to do some research on this and not found a definitive workaround or even if I should be concerned so thought I'd try here...
I have checked my ownCloud .htaccess file and the x-frame-option is set to SAMEORIGIN
# Add security and privacy related headers
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set X-Robots-Tag "none"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Download-Options "noopen"
Header set X-Permitted-Cross-Domain-Policies "none"
SetEnv modHeadersAvailable true
Should I be concerned about this error? I have looked around and there are conflicting views. My server is 9.0.9 stable. If anyone can help or point me in the right direction I'd appreciate it..
Best wishes to all