# HG changeset patch
# User IBBoard
# Date 1518901177 0
# Node ID c72d2b5f9be26c182803c5de057549b0faf54086
# Parent 1af9fd04c285879e36545f3b206aeb82c7ec4d31
Try to fix NextCloud warnings about "wrong" headers The problem is that "always set" results in two values and NextCloud checks for a perfect match. Removing "always" means header only gets added on "success" pages and not error pages, so hopefully it still gets added in all appropriate places.
diff -r 1af9fd04c285 -r c72d2b5f9be2 modules/website/manifests/https/redir.pp
--- a/modules/website/manifests/https/redir.pp Sat Feb 10 13:32:51 2018 +0000
+++ b/modules/website/manifests/https/redir.pp Sat Feb 17 20:59:37 2018 +0000
@@ -102,9 +102,9 @@
 }
 $custom_conf = 'Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"
-Header always set X-Xss-Protection "1; mode=block"
-Header always set X-Content-Type-Options "nosniff"
-Header always set X-Frame-Options "SAMEORIGIN"'
+Header set X-Xss-Protection "1; mode=block"
+Header set X-Content-Type-Options "nosniff"
+Header set X-Frame-Options "SAMEORIGIN"'
 apache::vhost { $name:
 ip => $ip,
diff -r 1af9fd04c285 -r c72d2b5f9be2 modules/website/templates/https_core_conf.erb
--- a/modules/website/templates/https_core_conf.erb Sat Feb 10 13:32:51 2018 +0000
+++ b/modules/website/templates/https_core_conf.erb Sat Feb 17 20:59:37 2018 +0000
@@ -1,7 +1,7 @@
 Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"
-Header always set X-Xss-Protection "1; mode=block"
-Header always set X-Content-Type-Options "nosniff"
-Header always set X-Frame-Options "SAMEORIGIN"
+Header set X-Xss-Protection "1; mode=block"
+Header set X-Content-Type-Options "nosniff"
+Header set X-Frame-Options "SAMEORIGIN"
 RewriteCond %{HTTP_HOST} !=<%= @primary_name %>
 RewriteRule ^(.*)$ https://<%= @primary_name %>$1 [R=301,L]
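Review bot: Dropping `always` from the three `Header` lines in `$custom_conf` moves X-Xss-Protection, X-Content-Type-Options and X-Frame-Options to mod_headers' default `onsuccess` table, so they stop being sent on error responses and on locally generated non-2xx responses; the second hunk in `https_core_conf.erb` has the same problem, and the `R=301` rewrite below it would likely go out without them. The duplicate values presumably come from the application emitting the same headers itself, which `Header always set` does not replace because it edits a different table. A single value on every response can be kept by clearing the application's copy first and retaining the `always` form, e.g. `Header onsuccess unset X-Frame-Options` followed by `Header always set X-Frame-Options "SAMEORIGIN"`, repeated for the other two headers. The definition enclosing the redir.pp hunk starts and ends outside it, so this is based only on the visible lines.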