diff --git a/apps/remoteStorage/appinfo/webfinger.php b/apps/remoteStorage/appinfo/webfinger.php
index bb3fe1681b..7c0ab84605 100644
--- a/apps/remoteStorage/appinfo/webfinger.php
+++ b/apps/remoteStorage/appinfo/webfinger.php
@@ -1,6 +1,6 @@
     <Link
         rel="remoteStorage"
-        template="<?php echo WF_ROOT; ?>/apps/remoteStorage/WebDAV.php/<?php echo WF_USER; ?>/remoteStorage/{category}/"
+        template="<?php echo WF_BASEURL; ?>/apps/remoteStorage/WebDAV.php/<?php echo WF_USER; ?>/remoteStorage/{category}/"
         api="WebDAV"
-        auth="<?php echo WF_ROOT; ?>/apps/remoteStorage/auth.php/<?php echo WF_USER; ?>">
+        auth="<?php echo WF_BASEURL; ?>/apps/remoteStorage/auth.php/<?php echo WF_USER; ?>">
     </Link>
diff --git a/apps/user_webfinger/appinfo/install.php b/apps/user_webfinger/appinfo/install.php
index 678d57ae8f..c8d9a42742 100644
--- a/apps/user_webfinger/appinfo/install.php
+++ b/apps/user_webfinger/appinfo/install.php
@@ -1,4 +1,8 @@
 <?php
+$hostMetaHeader = array(
+	'Access-Control-Allow-Origin' => '*',
+	'Content-Type' => 'application/xml+xrd'
+);
 $appInfoDir = __DIR__;
 $thisAppDir = dirname($appInfoDir);
 $appsDir = dirname($thisAppDir);
@@ -17,6 +21,7 @@ if(isset($_SERVER['HTTPS'])) {
 }
 $lrddTmpl .= '://' . $serverName . $webRoot . '/apps/user_webfinger/webfinger.php?q={uri}';
 $hostMetaPath = $docRoot . '/.well-known/host-meta';
+$hostMetaDir = $docRoot . '/.well-known';
 $hostMetaContents = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
 <XRD xmlns=\"http://docs.oasis-open.org/ns/xri/xrd-1.0\" xmlns:hm=\"http://host-meta.net/xrd/1.0\">
     <hm:Host xmlns=\"http://host-meta.net/xrd/1.0\">" . $serverName . "</hm:Host>
@@ -24,7 +29,7 @@ $hostMetaContents = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
         <Title>Resource Descriptor</Title>
     </Link>
 </XRD>";
-@mkdir(dirname($hostMetaPath));
+@mkdir($hostMetaDir);
 $hostMeta = fopen($hostMetaPath, 'w');
 if(!$hostMeta) {
     die("Could not open " . $hostMetaPath . " for writing, please check permissions!");
@@ -33,3 +38,14 @@ if(!fwrite($hostMeta, $hostMetaContents, strlen($hostMetaContents))) {
     die("Could not write to " . $hostMetaPath . ", please check permissions!");
 }
 fclose($hostMeta);
+
+// write custom headers into .htaccess:
+$htaccess = fopen($hostMetaDir . '/.htaccess', 'w');
+//TODO: check compatibility!
+fwrite($htaccess, "<filesMatch \"^host-meta$\">
+<ifModule mod_headers.c>\n");
+foreach($hostMetaHeader as $header => $value) {
+	fwrite($htaccess, "Header set " . $header . " \"" . $value . "\"\n");
+}
+fwrite($htaccess, "</ifModule>\n</filesMatch>");
+fclose($htaccess);
diff --git a/apps/user_webfinger/webfinger.php b/apps/user_webfinger/webfinger.php
index ecbfeed8e4..9ada473ca8 100644
--- a/apps/user_webfinger/webfinger.php
+++ b/apps/user_webfinger/webfinger.php
@@ -6,13 +6,13 @@ header("Content-Type: application/xrd+xml");
  * To include your app in the webfinger XML, add a new script with file name
  * 'webfinger.php' to /apps/yourapp/appinfo/, which prints out the XML parts
  * to be included. That script can make use of the constants WF_USER (e. g.
- * "user"), WF_ADDRESS ("user@host") and WF_ROOT ("https://host/owncloud").
+ * "user"), WF_ID (user@host) and WF_BASEURL (e. g. https://host/owncloud).
  * An example could look like this:
  * 
  * <Link
  * 	rel="myProfile"
  * 	type="text/html"
- * 	href="<?php echo WF_ROOT; ?>/apps/myApp/profile.php?user=<?php echo WF_USER; ?>">
+ * 	href="<?php echo WF_BASEURL; ?>/apps/myApp/profile.php?user=<?php echo WF_USER; ?>">
  * </Link>
  *
  '* but can also use complex database queries to generate the webfinger result
@@ -24,19 +24,25 @@ $SERVERROOT=str_replace("\\",'/',dirname(dirname(dirname(dirname(__FILE__)))));
 $SUBURI=substr(realpath($_SERVER["SCRIPT_FILENAME"]),strlen($SERVERROOT));
 $WEBROOT=substr($SUBURI,0,-34);
 */
-require_once('../../lib/base.php');
 
-$id = $_GET['q'];
+require_once('../../lib/base.php');
+$request = urldecode($_GET['q']);
 if($_GET['q']) {
-	$bits = explode('@', $_GET['q']);
-	$userName = $bits[0];
+	$reqParts = explode('@', $request);
+	$userName = $reqParts[0];
+	$hostName = $reqParts[1];
 } else {
-	$id = '';
 	$userName = '';
+	$hostName = '';
 }
 if(substr($userName, 0, 5) == 'acct:') {
 	$userName = substr($userName, 5);
 }
+if($userName == "") {
+	$id = "";
+} else {
+	$id = $userName . '@' . $hostName;
+}
 if(isset($_SERVER['HTTPS'])) {
 	$baseAddress = 'https://';
 } else {
@@ -44,22 +50,19 @@ if(isset($_SERVER['HTTPS'])) {
 }
 $baseAddress .= $_SERVER['SERVER_NAME'].OC::$WEBROOT;
 define('WF_USER', $userName);
-define('WF_ADDRESS', $id);
-define('WF_ROOT', $baseAddress);
+define('WF_ID', $id);
+define('WF_BASEURL', $baseAddress);
 echo "<";
 ?>
 ?xml version="1.0" encoding="UTF-8"?>
 <XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0" xmlns:hm="http://host-meta.net/xrd/1.0">
-	<hm:Host xmlns="http://host-meta.net/xrd/1.0"><?php echo $_SERVER['SERVER_NAME']; ?></hm:Host>
-    <Subject>acct:<?php echo $userName . '@' . $_SERVER['SERVER_NAME'] ?></Subject>
+    <hm:Host xmlns="http://host-meta.net/xrd/1.0"><?php echo $_SERVER['SERVER_NAME']; ?></hm:Host>
+    <Subject>acct:<?php echo $id ?></Subject>
 <?php
 $apps = OC_Appconfig::getApps();
 foreach($apps as $app) {
-	//echo "checking $app...\n";
 	if(OC_App::isEnabled($app)) {
-		//echo "is enabled\n";
 		if(is_file(OC::$APPSROOT . '/apps/' . $app . '/appinfo/webfinger.php')) {
-			//echo "has webfinger.php\n";
 			require($app . '/appinfo/webfinger.php');
 		}
 	}