From 2b434c7fbdcd21d2b40d52164b289f49a28ab7c6 Mon Sep 17 00:00:00 2001
From: Morris Jobke
Date: Mon, 1 May 2017 12:18:31 -0300
Subject: [PATCH] Add Same-Origin update for Nginx
Signed-off-by: Morris Jobke
---
 admin_manual/installation/nginx_nextcloud_9x.rst | 4 ----
 admin_manual/release_notes.rst | 7 +++++--
 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/admin_manual/installation/nginx_nextcloud_9x.rst b/admin_manual/installation/nginx_nextcloud_9x.rst
index 5c3a63f16..61af30667 100644
--- a/admin_manual/installation/nginx_nextcloud_9x.rst
+++ b/admin_manual/installation/nginx_nextcloud_9x.rst
@@ -45,7 +45,6 @@ your nginx installation.
 # add_header Strict-Transport-Security "max-age=15768000;
 # includeSubDomains; preload;";
 add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
@@ -126,7 +125,6 @@ your nginx installation.
 # add_header Strict-Transport-Security "max-age=15768000;
 # includeSubDomains; preload;";
 add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
@@ -175,7 +173,6 @@ your nginx installation.
 #add_header Strict-Transport-Security "max-age=15768000;
 # includeSubDomains; preload;";
 add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
@@ -261,7 +258,6 @@ your nginx installation.
 # add_header Strict-Transport-Security "max-age=15768000;
 # includeSubDomains; preload;";
 add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
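Review bot: Removing `add_header X-Frame-Options "SAMEORIGIN";` here, and in the three later hunks at -126, -175 and -261, makes framing protection depend entirely on the application sending the header, and the sample does not say from which release that holds. The release-notes entry in this commit places the change under version 12, while the file name nginx_nextcloud_9x.rst suggests the sample is also meant for older releases; if so, an administrator on an older release who copies it would get no X-Frame-Options header at all. Responses that nginx serves without passing through PHP may also lose the header, though the location blocks are outside these hunks, so that is not confirmed. I would leave a comment where the line was, for example `# X-Frame-Options is sent by Nextcloud itself from version 12 on; on older releases keep: add_header X-Frame-Options "SAMEORIGIN";`, and check the response headers actually served after the change.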
diff --git a/admin_manual/release_notes.rst b/admin_manual/release_notes.rst
index 65e17dcba..b65e0bc3b 100644
--- a/admin_manual/release_notes.rst
+++ b/admin_manual/release_notes.rst
@@ -3,10 +3,13 @@ Nextcloud |version| Release Notes
 =================================
-Changes in 11
+Changes in 12
 -------------
-tbd
+* In the Nginx configuration the Same-Origin header was removed. This is now
+ handled in PHP and keeping it will result in a wrong header. Please remove
+ those lines in your Nginx config:
+ ``add_header X-Frame-Options "SAMEORIGIN";``
 Q & A
 -----