Really sorry if this is indeed an undue report, but I just installed Passwords on my Nextcloud instance and can’t access the web interface through neither:
Chrome 76.0.3809.100
Firefox 60.8.0esr (64 bits)
Brave 0.67.124
all claiming to be up to date, but I have this ginormous out-of-date browser warning instead of the Passwords interface.
The Android app by Daper, from F-droid, can connect just fine, so it does not seem to be a server conf issue.
My Nextcloud info:
Raspbian Buster + Apache
PHP 7.3.4-2
Nextcloud 16.0.3
Have I missed something?
Thanks anyway for any help
Shiva
Those browsers should be enough to use the app. Can you open the developer console (press F12) and check for any errors besides “Browser does not support ECMAScript 2017 / ES2017”?
Hello, thanks for the fast answer! I surprisingly didn’t have the idea to look at the console
actually, there is a bunch of errors, all linked to my server’s Content Security Policy:
One says: Refused to connect to [edited out] because it violates the following Content Security Policy directive: "connect-src 'self'".
Another one says: EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
FWIW, here is my Content security policy htaccess content:
which does not interfere with any of the other Nextcloud apps I use.
I achieved these settings by repeatedly scanning my instance through securityheaders.com, and tweaking the ones blocking Nextcloud from operating.
I guess I have to open them up a bit more for Password to work…
My configuration may seem a bit odd, but I run a Wordpress website in my root webfolder, and nextcloud in a subfolder of it.
Thus, the CSP settings I had put in my root folder htaccess were somehow overriding the correct ones set (at runtime?) by nextcloud, breaking Password in particular.
I had to remove the CSP settings in my rootfolder htaccess, and find a way to still kind of protect (see the ‘unsafe-inline’ problem largely discussed on the web) through a wordpress plugin, in order to have no conflict between the two software.
I may someday try to implement these csp for my wordpress through a php function of my own, but for now, it seems to fullfill my needs, according to my last scans.