I am running both swag and nextcloud (with mariadb and redis) containers from linuxserver.io without any issues. My docker-compose file is available here.
Now after reading
I decided to turn all of the optional headers on. However, when I uncomment in ssl.conf
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
and restart swag and nextcloud, I get the following warning in the nextcloud admin panel:
If instead I leave the lines uncommented, I don’t get the warnings. Isn’t this counter-intuitive?