diff --git a/.htaccess b/.htaccess
index 70cd1f1595d8370c936cc1bdcb3af4e28ad41633..81a53f9989ec920c22be76dbc3f903dead0831bb 100644
--- a/.htaccess
+++ b/.htaccess
@@ -60,6 +60,7 @@
   RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
   RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
   RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
+  RewriteRule ^\.well-known/webfinger /public.php?service=webfinger [QSA,L]
   RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
   RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
   RewriteRule ^remote/(.*) remote.php [QSA,L]
diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js
index aa59cc8181b36ba073f98cf211ea389f92fa196d..ca7d979f5f3a7801428f1d48fcaa87139b9fb08a 100644
--- a/core/js/setupchecks.js
+++ b/core/js/setupchecks.js
@@ -52,9 +52,14 @@
 		 * @param url the URL to test
 		 * @param placeholderUrl the placeholder URL - can be found at oc_defaults.docPlaceholderUrl
 		 * @param {boolean} runCheck if this is set to false the check is skipped and no error is returned
+		 * @param {int} expectedStatus the expected HTTP status to be returned by the URL, 207 by default
 		 * @return $.Deferred object resolved with an array of error messages
 		 */
-		checkWellKnownUrl: function(url, placeholderUrl, runCheck) {
+		checkWellKnownUrl: function(url, placeholderUrl, runCheck, expectedStatus) {
+			if (expectedStatus === undefined) {
+				expectedStatus = 207;
+			}
+
 			var deferred = $.Deferred();
 
 			if(runCheck === false) {
@@ -63,7 +68,7 @@
 			}
 			var afterCall = function(xhr) {
 				var messages = [];
-				if (xhr.status !== 207) {
+				if (xhr.status !== expectedStatus) {
 					var docUrl = placeholderUrl.replace('PLACEHOLDER', 'admin-setup-well-known-URL');
 					messages.push({
 						msg: t('core', 'Your web server is not properly set up to resolve "{url}". Further information can be found in the <a target="_blank" rel="noreferrer noopener" href="{docLink}">documentation</a>.', { docLink: docUrl, url: url }),
diff --git a/core/js/tests/specs/setupchecksSpec.js b/core/js/tests/specs/setupchecksSpec.js
index 3de1a4463b0f5c3263f9d3dee732abe450afc661..47443e5e727dbd63116ea9a743bf83908e8998d6 100644
--- a/core/js/tests/specs/setupchecksSpec.js
+++ b/core/js/tests/specs/setupchecksSpec.js
@@ -61,8 +61,8 @@ describe('OC.SetupChecks tests', function() {
 	});
 
 	describe('checkWellKnownUrl', function() {
-		it('should fail with another response status code than 207', function(done) {
-			var async = OC.SetupChecks.checkWellKnownUrl('/.well-known/caldav', 'http://example.org/PLACEHOLDER', true);
+		it('should fail with another response status code than the expected one', function(done) {
+			var async = OC.SetupChecks.checkWellKnownUrl('/.well-known/caldav', 'http://example.org/PLACEHOLDER', true, 207);
 
 			suite.server.requests[0].respond(200);
 
@@ -75,7 +75,18 @@ describe('OC.SetupChecks tests', function() {
 			});
 		});
 
-		it('should return no error with a response status code of 207', function(done) {
+		it('should return no error with the expected response status code', function(done) {
+			var async = OC.SetupChecks.checkWellKnownUrl('/.well-known/caldav', 'http://example.org/PLACEHOLDER', true, 207);
+
+			suite.server.requests[0].respond(207);
+
+			async.done(function( data, s, x ){
+				expect(data).toEqual([]);
+				done();
+			});
+		});
+
+		it('should return no error with the default expected response status code', function(done) {
 			var async = OC.SetupChecks.checkWellKnownUrl('/.well-known/caldav', 'http://example.org/PLACEHOLDER', true);
 
 			suite.server.requests[0].respond(207);
diff --git a/public.php b/public.php
index d50f49e2536ce41ea60fcb0128c344bf09096159..f033e1897c8aca6e7dd5b3917dd363084e3ac653 100644
--- a/public.php
+++ b/public.php
@@ -54,7 +54,7 @@ try {
 		list($service) = explode('/', $pathInfo);
 	}
 	$file = \OC::$server->getConfig()->getAppValue('core', 'public_' . strip_tags($service));
-	if ($file === null) {
+	if ($file === '') {
 		http_response_code(404);
 		exit;
 	}
diff --git a/settings/Application.php b/settings/Application.php
index 4ad59a64d40bddc9a57395ca69ed868512ec91a7..4a1440824272e576cf115b27f5f5f3fd87b4dd06 100644
--- a/settings/Application.php
+++ b/settings/Application.php
@@ -121,6 +121,8 @@ class Application extends App {
 
 		Util::connectHook('OC_User', 'post_setPassword', $this, 'onChangePassword');
 		Util::connectHook('OC_User', 'changeUser', $this, 'onChangeInfo');
+
+		Util::connectHook('\OCP\Config', 'js', $this, 'extendJsConfig');
 	}
 
 	/**
@@ -152,4 +154,18 @@ class Application extends App {
 		$hooks = $this->getContainer()->query(Hooks::class);
 		$hooks->onChangeEmail($parameters['user'], $parameters['old_value']);
 	}
+
+	/**
+	 * @param array $settings
+	 */
+	public function extendJsConfig(array $settings) {
+		$appConfig = json_decode($settings['array']['oc_appconfig'], true);
+
+		$publicWebFinger = \OC::$server->getConfig()->getAppValue('core', 'public_webfinger', '');
+		if (!empty($publicWebFinger)) {
+			$appConfig['core']['public_webfinger'] = $publicWebFinger;
+		}
+
+		$settings['array']['oc_appconfig'] = json_encode($appConfig);
+	}
 }
diff --git a/settings/js/admin.js b/settings/js/admin.js
index de5bc2b953708174a94b5ec5c4e63ecbc658bc9c..35f3d949ab613563801ec94bc646c1b663ae7282 100644
--- a/settings/js/admin.js
+++ b/settings/js/admin.js
@@ -248,13 +248,14 @@ $(document).ready(function(){
 	// run setup checks then gather error messages
 	$.when(
 		OC.SetupChecks.checkWebDAV(),
+		OC.SetupChecks.checkWellKnownUrl('/.well-known/webfinger', oc_defaults.docPlaceholderUrl, $('#postsetupchecks').data('check-wellknown') === true && !!oc_appconfig.core.public_webfinger, 200),
 		OC.SetupChecks.checkWellKnownUrl('/.well-known/caldav', oc_defaults.docPlaceholderUrl, $('#postsetupchecks').data('check-wellknown') === true),
 		OC.SetupChecks.checkWellKnownUrl('/.well-known/carddav', oc_defaults.docPlaceholderUrl, $('#postsetupchecks').data('check-wellknown') === true),
 		OC.SetupChecks.checkSetup(),
 		OC.SetupChecks.checkGeneric(),
 		OC.SetupChecks.checkDataProtected()
-	).then(function(check1, check2, check3, check4, check5, check6) {
-		var messages = [].concat(check1, check2, check3, check4, check5, check6);
+	).then(function(check1, check2, check3, check4, check5, check6, check7) {
+		var messages = [].concat(check1, check2, check3, check4, check5, check6, check7);
 		var $el = $('#postsetupchecks');
 		$('#security-warning-state-loading').addClass('hidden');
 
diff --git a/tests/data/setUploadLimit/htaccess b/tests/data/setUploadLimit/htaccess
index 65957a2983834b858bc7b56db2868c1bc54a3aae..f7bfcdbc80b0494d90390ab1c8b0f69615e78ed1 100644
--- a/tests/data/setUploadLimit/htaccess
+++ b/tests/data/setUploadLimit/htaccess
@@ -38,6 +38,7 @@ RewriteEngine on
 RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
 RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
+RewriteRule ^\.well-known/webfinger /public.php?service=webfinger [QSA,L]
 RewriteRule ^\.well-known/carddav /remote.php/carddav/ [R=301,L]
 RewriteRule ^\.well-known/caldav /remote.php/caldav/ [R=301,L]
 RewriteRule ^apps/calendar/caldav\.php remote.php/caldav/ [QSA,L]