Skip to content

nixos/nextcloud: remove X-XSS-Protection #438799

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bachp merged 1 commit into from
Aug 31, 2025
Merged

nixos/nextcloud: remove X-XSS-Protection #438799

bachp merged 1 commit into from
Aug 31, 2025

Conversation

@dotlambda
Copy link
Member

@dotlambda dotlambda commented Aug 31, 2025

see nextcloud/server#53476

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

Add a 👍 reaction to pull requests you find important.

@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Aug 31, 2025
@dotlambda dotlambda mentioned this pull request Aug 31, 2025
Closed
16 tasks
@nixpkgs-ci nixpkgs-ci bot added the 12.approvals: 1 This PR was reviewed and approved by one person. label Aug 31, 2025
@bachp bachp merged commit 06c99c2 into NixOS:master Aug 31, 2025
34 of 36 checks passed
@dotlambda dotlambda deleted the nextcloud branch August 31, 2025 18:49
@dotlambda
Copy link
Member Author

dotlambda commented Aug 31, 2025

Btw, my Nextcloud server shows

Some headers are not set correctly on your instance - The X-Content-Type-Options HTTP header is not set to nosniff. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly. - The X-Robots-Tag HTTP header is not set to noindex,nofollow. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly. - The X-Frame-Options HTTP header is not set to sameorigin. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly. - The X-Permitted-Cross-Domain-Policies HTTP header is not set to none. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly. - The X-XSS-Protection HTTP header does not contain 1; mode=block. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly. - The Referrer-Policy HTTP header is not set to no-referrer, no-referrer-when-downgrade, strict-origin, strict-origin-when-cross-origin or same-origin. This can leak referer information. See the W3C Recommendation. - The Strict-Transport-Security HTTP header is not set (should be at least 15552000 seconds). For enhanced security, it is recommended to enable HSTS. For more details see the documentation ↗.

in the administration settings even though I didn't disable services.nextcloud.nginx.recommendedHttpHeaders and I confirmed that my server sends the headers. Do others have the same problem?

@provokateurin
Copy link
Member

provokateurin commented Aug 31, 2025

Nope, by admin overview is all green 🤔

@pyrox0 pyrox0 added backport release-25.05 1.severity: security Issues which raise a security issue, or PRs that fix one labels Sep 1, 2025
@nixpkgs-ci
Copy link
Contributor

nixpkgs-ci bot commented Sep 1, 2025

Backport failed for release-25.05, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release-25.05
git worktree add -d .worktree/backport-438799-to-release-25.05 origin/release-25.05
cd .worktree/backport-438799-to-release-25.05
git switch --create backport-438799-to-release-25.05
git cherry-pick -x 06c99c29c95b33260b3513adfaa7c0c144d00a56

@mdaniels5757 mdaniels5757 mentioned this pull request Sep 13, 2025
Merged
1 task
@mdaniels5757 mdaniels5757 added 8.has: port to stable This PR already has a backport to the stable release. and removed backport release-25.05 labels Sep 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bachp bachp Awaiting requested review from bachp

@britter britter Awaiting requested review from britter

@Ma27 Ma27 Awaiting requested review from Ma27

1 more reviewer

@provokateurin provokateurin provokateurin approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 8.has: port to stable This PR already has a backport to the stable release. 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 12.approvals: 1 This PR was reviewed and approved by one person.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@dotlambda @provokateurin @bachp @mdaniels5757 @pyrox0