server/.htaccess

<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_fcgid.c>
       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
    <IfModule mod_proxy_fcgi.c>
       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>
    <IfModule mod_lsapi.c>
      SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
      RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
  </IfModule>

  <IfModule mod_env.c>
    # Add security and privacy related headers
    # Avoid doubled headers by unsetting headers in "onsuccess" table,
    # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002

    <If "%{REQUEST_URI} =~ m#/login$#">
      # Only on the login page we need any Origin or Referer header set.
      Header onsuccess unset Referrer-Policy
      Header always set Referrer-Policy "same-origin"
    </If>
    <Else>
      Header onsuccess unset Referrer-Policy
      Header always set Referrer-Policy "no-referrer"
    </Else>

    Header onsuccess unset X-Content-Type-Options
    Header always set X-Content-Type-Options "nosniff"

    Header onsuccess unset X-Frame-Options
    Header always set X-Frame-Options "SAMEORIGIN"

    Header onsuccess unset X-Permitted-Cross-Domain-Policies
    Header always set X-Permitted-Cross-Domain-Policies "none"

    Header onsuccess unset X-Robots-Tag
    Header always set X-Robots-Tag "noindex, nofollow"

    Header onsuccess unset X-XSS-Protection
    Header always set X-XSS-Protection "1; mode=block"

    SetEnv modHeadersAvailable true
  </IfModule>

  # Add cache control for static resources
  <FilesMatch "\.(css|js|mjs|svg|gif|png|jpg|webp|ico|wasm|tflite)$">
    <If "%{QUERY_STRING} =~ /(^|&)v=/">
      Header set Cache-Control "max-age=15778463, immutable"
    </If>
    <Else>
      Header set Cache-Control "max-age=15778463"
    </Else>
  </FilesMatch>

  # Let browsers cache OTF and WOFF files for a week
  <FilesMatch "\.(otf|woff2?)$">
    Header set Cache-Control "max-age=604800"
  </FilesMatch>
</IfModule>

<IfModule mod_php.c>
  php_value mbstring.func_overload 0
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>

<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddType application/wasm wasm
  AddEncoding gzip svgz
  # Serve ESM javascript files (.mjs) with correct mime type
  AddType text/javascript js mjs
</IfModule>

<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
</IfModule>

<IfModule pagespeed_module>
  ModPagespeed Off
</IfModule>

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
  RewriteRule ^ocm-provider/?$ index.php [QSA,L]
  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>

# Clients like xDavv5 on Android, or Cyberduck, use chunked requests.
# When FastCGI or FPM is used with apache, requests arrive to Nextcloud without any content.
# This leads to the creation of empty files.
# The following directive will force the problematic requests to be buffered before being forwarded to Nextcloud.
# This way, the "Transfer-Encoding" header is removed, the "Content-Length" header is set, and the request content is proxied to Nextcloud.
# Here are more information about the issue:
#  - https://docs.cyberduck.io/mountainduck/issues/fastcgi/
#  - https://docs.nextcloud.com/server/latest/admin_manual/issues/general_troubleshooting.html#troubleshooting-webdav
<IfModule mod_setenvif.c>
  SetEnvIfNoCase Transfer-Encoding "chunked" proxy-sendcl=1
</IfModule>

# Apache disabled the sending of the server-side content-length header
# in their 2.4.59 patch updated which breaks some use-cases in Nextcloud.
# Setting ap_trust_cgilike_cl allows to bring back the usual behaviour.
# See https://bz.apache.org/bugzilla/show_bug.cgi?id=68973
<IfModule mod_env.c>
  SetEnv ap_trust_cgilike_cl
</IfModule>

AddDefaultCharset utf-8
Options -Indexes
Fix WebDAV (and Android Client) not being able to authorize on Debian Squeeze + mod_fcgid installs. 2012-11-09 16:30:07 +04:00			`<IfModule mod_headers.c>`
Add mod_proxy_fcgi and mod_fastcgi to .htaccess 2015-08-11 11:55:57 +03:00			`<IfModule mod_setenvif.c>`
			`<IfModule mod_fcgid.c>`
Add some generic default headers as well via PHP 2015-03-26 17:30:00 +03:00			`SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1`
			`RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION`
			`</IfModule>`
Add mod_proxy_fcgi and mod_fastcgi to .htaccess 2015-08-11 11:55:57 +03:00			`<IfModule mod_proxy_fcgi.c>`
			`SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1`
			`</IfModule>`
Update .htaccess (PHP8 and mod_lsapi) - Add `mod_lsapi` (Cloudlinux) authorization headers - Add `mod_php8` php_values - Reformating for better lisibilty 2021-04-16 11:05:02 +03:00			`<IfModule mod_lsapi.c>`
			`SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1`
			`RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION`
			`</IfModule>`
Add some generic default headers as well via PHP 2015-03-26 17:30:00 +03:00			`</IfModule>`

			`<IfModule mod_env.c>`
			`# Add security and privacy related headers`
Fix security header setting in .htaccess by adding 'onsuccess unset' The headers might already be set by the system administrator at the http server level (apache or nginx) for some or all virtualhosts. Using "always set" in the .htaccess of Nextcloud leads to the situation where the headers might be set twice (once in the default 'onsuccess' table and once in the 'always' table)! Which leads to warnings in the admin area. Adding "onsuccess unset" solves the problem, and forces the header in the 'onsucess' table to be unset, and the header in the 'always' table to be set. NOTE: with this change, Nextcloud overrides whatever the system administrator might have already set See github issues #16893 #16476 #16938 #18017 and discussion in PR #19002 Signed-off-by: zertrin <zertrin@gmail.com> 2020-01-19 18:53:08 +03:00			`# Avoid doubled headers by unsetting headers in "onsuccess" table,`
			`# then add headers to "always" table: https://github.com/nextcloud/server/pull/19002`
feat(login): add origin check at login Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> 2024-11-29 13:54:36 +03:00
			`<If "%{REQUEST_URI} =~ m#/login$#">`
			`# Only on the login page we need any Origin or Referer header set.`
			`Header onsuccess unset Referrer-Policy`
			`Header always set Referrer-Policy "same-origin"`
			`</If>`
			`<Else>`
			`Header onsuccess unset Referrer-Policy`
			`Header always set Referrer-Policy "no-referrer"`
			`</Else>`
Fix security header setting in .htaccess by adding 'onsuccess unset' The headers might already be set by the system administrator at the http server level (apache or nginx) for some or all virtualhosts. Using "always set" in the .htaccess of Nextcloud leads to the situation where the headers might be set twice (once in the default 'onsuccess' table and once in the 'always' table)! Which leads to warnings in the admin area. Adding "onsuccess unset" solves the problem, and forces the header in the 'onsucess' table to be unset, and the header in the 'always' table to be set. NOTE: with this change, Nextcloud overrides whatever the system administrator might have already set See github issues #16893 #16476 #16938 #18017 and discussion in PR #19002 Signed-off-by: zertrin <zertrin@gmail.com> 2020-01-19 18:53:08 +03:00
			`Header onsuccess unset X-Content-Type-Options`
Use "always" condition for security headers Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2019-07-01 19:41:59 +03:00			`Header always set X-Content-Type-Options "nosniff"`
Fix security header setting in .htaccess by adding 'onsuccess unset' The headers might already be set by the system administrator at the http server level (apache or nginx) for some or all virtualhosts. Using "always set" in the .htaccess of Nextcloud leads to the situation where the headers might be set twice (once in the default 'onsuccess' table and once in the 'always' table)! Which leads to warnings in the admin area. Adding "onsuccess unset" solves the problem, and forces the header in the 'onsucess' table to be unset, and the header in the 'always' table to be set. NOTE: with this change, Nextcloud overrides whatever the system administrator might have already set See github issues #16893 #16476 #16938 #18017 and discussion in PR #19002 Signed-off-by: zertrin <zertrin@gmail.com> 2020-01-19 18:53:08 +03:00
			`Header onsuccess unset X-Frame-Options`
Use "always" condition for security headers Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2019-07-01 19:41:59 +03:00			`Header always set X-Frame-Options "SAMEORIGIN"`
Fix security header setting in .htaccess by adding 'onsuccess unset' The headers might already be set by the system administrator at the http server level (apache or nginx) for some or all virtualhosts. Using "always set" in the .htaccess of Nextcloud leads to the situation where the headers might be set twice (once in the default 'onsuccess' table and once in the 'always' table)! Which leads to warnings in the admin area. Adding "onsuccess unset" solves the problem, and forces the header in the 'onsucess' table to be unset, and the header in the 'always' table to be set. NOTE: with this change, Nextcloud overrides whatever the system administrator might have already set See github issues #16893 #16476 #16938 #18017 and discussion in PR #19002 Signed-off-by: zertrin <zertrin@gmail.com> 2020-01-19 18:53:08 +03:00
			`Header onsuccess unset X-Permitted-Cross-Domain-Policies`
Use "always" condition for security headers Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2019-07-01 19:41:59 +03:00			`Header always set X-Permitted-Cross-Domain-Policies "none"`
Fix security header setting in .htaccess by adding 'onsuccess unset' The headers might already be set by the system administrator at the http server level (apache or nginx) for some or all virtualhosts. Using "always set" in the .htaccess of Nextcloud leads to the situation where the headers might be set twice (once in the default 'onsuccess' table and once in the 'always' table)! Which leads to warnings in the admin area. Adding "onsuccess unset" solves the problem, and forces the header in the 'onsucess' table to be unset, and the header in the 'always' table to be set. NOTE: with this change, Nextcloud overrides whatever the system administrator might have already set See github issues #16893 #16476 #16938 #18017 and discussion in PR #19002 Signed-off-by: zertrin <zertrin@gmail.com> 2020-01-19 18:53:08 +03:00
			`Header onsuccess unset X-Robots-Tag`
Change X-Robots-Tag header from "none" to "noindex, nofollow" While "none" is indeed equivalent to "noindex, nofollow" for Google, but seems to be not supported by Bing and probably other search engines. https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name#other_metadata_names https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag?hl=de#comma-separated-list https://www.bing.com/webmasters/help/which-robots-metatags-does-bing-support-5198d240 Signed-off-by: MichaIng <micha@dietpi.com> 2023-02-13 16:09:13 +03:00			`Header always set X-Robots-Tag "noindex, nofollow"`
Fix security header setting in .htaccess by adding 'onsuccess unset' The headers might already be set by the system administrator at the http server level (apache or nginx) for some or all virtualhosts. Using "always set" in the .htaccess of Nextcloud leads to the situation where the headers might be set twice (once in the default 'onsuccess' table and once in the 'always' table)! Which leads to warnings in the admin area. Adding "onsuccess unset" solves the problem, and forces the header in the 'onsucess' table to be unset, and the header in the 'always' table to be set. NOTE: with this change, Nextcloud overrides whatever the system administrator might have already set See github issues #16893 #16476 #16938 #18017 and discussion in PR #19002 Signed-off-by: zertrin <zertrin@gmail.com> 2020-01-19 18:53:08 +03:00
			`Header onsuccess unset X-XSS-Protection`
Use "always" condition for security headers Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2019-07-01 19:41:59 +03:00			`Header always set X-XSS-Protection "1; mode=block"`
Fix security header setting in .htaccess by adding 'onsuccess unset' The headers might already be set by the system administrator at the http server level (apache or nginx) for some or all virtualhosts. Using "always set" in the .htaccess of Nextcloud leads to the situation where the headers might be set twice (once in the default 'onsuccess' table and once in the 'always' table)! Which leads to warnings in the admin area. Adding "onsuccess unset" solves the problem, and forces the header in the 'onsucess' table to be unset, and the header in the 'always' table to be set. NOTE: with this change, Nextcloud overrides whatever the system administrator might have already set See github issues #16893 #16476 #16938 #18017 and discussion in PR #19002 Signed-off-by: zertrin <zertrin@gmail.com> 2020-01-19 18:53:08 +03:00
Add some generic default headers as well via PHP 2015-03-26 17:30:00 +03:00			`SetEnv modHeadersAvailable true`
			`</IfModule>`

Also cache WOFF, SVG and GIF 2016-08-08 18:39:53 +03:00			`# Add cache control for static resources`
fix(htaccess): Serve images as static assets Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> 2024-07-15 19:06:13 +03:00			`<FilesMatch "\.(css\|js\|mjs\|svg\|gif\|png\|jpg\|webp\|ico\|wasm\|tflite)$">`
Fix Cache-Control header of non-versioned assets Non-cache-busted assets such as /dist/core-main.js also matched the regex meant for cache-busted assets (note the ? at the end of the regex). The FilesMatch directive for cache-busted assets coming after the non-cache-busted version all assets actually got the immutable flag in their Cache-Control header. This caused client-side errors on updates. Query strings are not actually passed to FilesMatch directives so we need another way to tell cache-busted/versionned assets apart from non-versioned assets, here using If/Else directives. Signed-off-by: Nicolas Guichard <nicolas@guichard.eu> 2023-03-02 20:38:04 +03:00			`<If "%{QUERY_STRING} =~ /(^\|&)v=/">`
			`Header set Cache-Control "max-age=15778463, immutable"`
			`</If>`
			`<Else>`
			`Header set Cache-Control "max-age=15778463"`
			`</Else>`
Improve caching policy * Cache css with version in url. This makes most js and css requests to be cached by the browser * Force caching previews, the etag is in the url so that if the propfind gives a new etag, we will refresh it otherwise it's no use to try to fetch the new etag and do tons of DB queries Tested with firefox and 'debug' => false (important so that the js/css urls are generated with ?v= parameter) Signed-off-by: Carl Schwan <carl@carlschwan.eu> 2022-02-12 00:14:04 +03:00			`</FilesMatch>`

fix(a11y): Add OTF font loading check Signed-off-by: Joas Schilling <coding@schilljs.com> 2024-09-16 10:58:54 +03:00			`# Let browsers cache OTF and WOFF files for a week`
			`<FilesMatch "\.(otf\|woff2?)$">`
Cache js, css and woff files for a week (#26591) increases the cache duration for css and js files from 2 hours to half a year. Should they change the versionhash changes as well and a new file is fetched. Half a year should be long enough for oc updates. Also allows caching woff files for 7 days. Currently, there is no versionhash available, but pressing F5 will also refresh the woff files. 2016-11-11 15:10:35 +03:00			`Header set Cache-Control "max-age=604800"`
Add some generic default headers as well via PHP 2015-03-26 17:30:00 +03:00			`</FilesMatch>`
Fix WebDAV (and Android Client) not being able to authorize on Debian Squeeze + mod_fcgid installs. 2012-11-09 16:30:07 +04:00			`</IfModule>`
Update .htaccess (PHP8 and mod_lsapi) - Add `mod_lsapi` (Cloudlinux) authorization headers - Add `mod_php8` php_values - Reformating for better lisibilty 2021-04-16 11:05:02 +03:00
Fix module name for PHP8+ 2021-04-21 11:11:06 +03:00			`<IfModule mod_php.c>`
Update .htaccess (PHP8 and mod_lsapi) - Add `mod_lsapi` (Cloudlinux) authorization headers - Add `mod_php8` php_values - Reformating for better lisibilty 2021-04-16 11:05:02 +03:00			`php_value mbstring.func_overload 0`
			`php_value default_charset 'UTF-8'`
			`php_value output_buffering 0`
			`<IfModule mod_env.c>`
			`SetEnv htaccessWorking true`
			`</IfModule>`
			`</IfModule>`

			`<IfModule mod_mime.c>`
			`AddType image/svg+xml svg svgz`
Allow to serve static WebAssembly and TensorFlow Lite files Since Talk 13 (and thus Nextcloud 23) WebAssembly (.wasm) and TensorFlow Lite (.tflite) files need to be loaded from the web server to provide certain features (like the background blur in the WebUI). Those files can be treated in a similar way to other static resources, and there should not be any problem caching or compressing them. However, as compressed TensorFlow Lite files are only ~12% smaller, the compression directive depends on the MIME type and there is no standard MIME type for TensorFlow Lite files it is not worth to compress them. Moreover, no directives to compress WebAssembly files were added either, as it seems that they would override any other compression directives set in the default server configuration; for reference it could be done with something like: <IfModule mod_deflate.c> <IfModule mod_filter.c> AddOutputFilterByType DEFLATE application/wasm </IfModule> </IfModule> Depending on the setup "application/wasm" may not be associated with ".wasm" files, so the directive was added just in case, as otherwise browsers log a warning. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com> 2021-11-17 14:30:12 +03:00			`AddType application/wasm wasm`
Update .htaccess (PHP8 and mod_lsapi) - Add `mod_lsapi` (Cloudlinux) authorization headers - Add `mod_php8` php_values - Reformating for better lisibilty 2021-04-16 11:05:02 +03:00			`AddEncoding gzip svgz`
Adjust `.htaccess` to serve `.mjs` files with javascript mime type Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de> 2023-03-16 17:57:51 +03:00			`# Serve ESM javascript files (.mjs) with correct mime type`
			`AddType text/javascript js mjs`
Update .htaccess (PHP8 and mod_lsapi) - Add `mod_lsapi` (Cloudlinux) authorization headers - Add `mod_php8` php_values - Reformating for better lisibilty 2021-04-16 11:05:02 +03:00			`</IfModule>`

			`<IfModule mod_dir.c>`
			`DirectoryIndex index.php index.html`
			`</IfModule>`

			`<IfModule pagespeed_module>`
			`ModPagespeed Off`
			`</IfModule>`

don't try to use mod_rewrite when it isn't enabled having a broken web/card/caldav is much better as having no ownCloud at all :) 2012-01-03 07:55:19 +04:00			`<IfModule mod_rewrite.c>`
properly indent .htaccess 2015-08-16 16:40:03 +03:00			`RewriteEngine on`
Remove duplicated spaces Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2019-07-01 19:45:27 +03:00			`RewriteCond %{HTTP_USER_AGENT} DavClnt`
			`RewriteRule ^$ /remote.php/webdav/ [L,R=302]`
properly indent .htaccess 2015-08-16 16:40:03 +03:00			`RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]`
Update .well-known redirects to the new dav endpoint This reverts commit 68321efd29184fbc1bef409ec41f9b38501116ef. 2015-11-18 19:40:27 +03:00			`RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]`
			`RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]`
properly indent .htaccess 2015-08-16 16:40:03 +03:00			`RewriteRule ^remote/(.*) remote.php [QSA,L]`
.htaccess update making two rules non-capturing 2016-06-03 17:34:26 +03:00			`RewriteRule ^(?:build\|tests\|config\|lib\|3rdparty\|templates)/.* - [R=404,L]`
Make sure we properly ass well-known paths to index.php Signed-off-by: Julius Härtl <jus@bitgrid.net> 2020-12-28 17:36:23 +03:00			`RewriteRule ^\.well-known/(?!acme-challenge\|pki-validation) /index.php [QSA,L]`
remove leading slash Signed-off-by: Maxence Lange <maxence@artificial-owl.com> 2023-10-10 00:17:12 +03:00			`RewriteRule ^ocm-provider/?$ index.php [QSA,L]`
Make sure we properly ass well-known paths to index.php Signed-off-by: Julius Härtl <jus@bitgrid.net> 2020-12-28 17:36:23 +03:00			`RewriteRule ^(?:\.(?!well-known)\|autotest\|occ\|issue\|indie\|db_\|console).* - [R=404,L]`
don't try to use mod_rewrite when it isn't enabled having a broken web/card/caldav is much better as having no ownCloud at all :) 2012-01-03 07:55:19 +04:00			`</IfModule>`
Update .htaccess (PHP8 and mod_lsapi) - Add `mod_lsapi` (Cloudlinux) authorization headers - Add `mod_php8` php_values - Reformating for better lisibilty 2021-04-16 11:05:02 +03:00
Buffer chunked requests Signed-off-by: Louis Chemineau <louis@chmn.me> 2024-01-23 13:01:58 +03:00			`# Clients like xDavv5 on Android, or Cyberduck, use chunked requests.`
			`# When FastCGI or FPM is used with apache, requests arrive to Nextcloud without any content.`
			`# This leads to the creation of empty files.`
			`# The following directive will force the problematic requests to be buffered before being forwarded to Nextcloud.`
			`# This way, the "Transfer-Encoding" header is removed, the "Content-Length" header is set, and the request content is proxied to Nextcloud.`
			`# Here are more information about the issue:`
			`# - https://docs.cyberduck.io/mountainduck/issues/fastcgi/`
			`# - https://docs.nextcloud.com/server/latest/admin_manual/issues/general_troubleshooting.html#troubleshooting-webdav`
fix: chunked upload leading to 0-byte files Signed-off-by: Simon L <szaimen@e.mail.de> 2024-04-25 17:29:38 +03:00			`<IfModule mod_setenvif.c>`
FIX WebDav MacOS failed uploads php-fpm and big files (-36 error) Current "SetEnvIf Transfer-Encoding "chunked" proxy-sendcl=1" setting fails with Macos Webdav Darwin client beacuse the header has a capital letter -> "Chunked" So you can fix it making condition case insensitive. Extended description and tests results on https://github.com/nextcloud/server/issues/48878 Signed-off-by: Gonzalo Cao Cabeza de Vaca <57393+gonzalo@users.noreply.github.com> 2024-11-27 10:38:29 +03:00			`SetEnvIfNoCase Transfer-Encoding "chunked" proxy-sendcl=1`
Buffer chunked requests Signed-off-by: Louis Chemineau <louis@chmn.me> 2024-01-23 13:01:58 +03:00			`</IfModule>`

fix(a11y): Add OTF font loading check Signed-off-by: Joas Schilling <coding@schilljs.com> 2024-09-16 10:58:54 +03:00			`# Apache disabled the sending of the server-side content-length header`
fix: re-enable content-length header via htaccess Signed-off-by: Simon L. <szaimen@e.mail.de> 2024-08-29 10:52:08 +03:00			`# in their 2.4.59 patch updated which breaks some use-cases in Nextcloud.`
			`# Setting ap_trust_cgilike_cl allows to bring back the usual behaviour.`
			`# See https://bz.apache.org/bugzilla/show_bug.cgi?id=68973`
			`<IfModule mod_env.c>`
			`SetEnv ap_trust_cgilike_cl`
			`</IfModule>`

added defaultcharset to utf-8 in htaccess 2013-02-26 20:38:59 +04:00			`AddDefaultCharset utf-8`
trying to fix /.well-known/host-meta 2012-05-11 12:47:42 +04:00			`Options -Indexes`