Nextcloud version (eg, 20.0.5): 25.0.1
Operating system and version (eg, Ubuntu 20.04): 22.04
Apache or nginx version (eg, Apache 2.4.25): nginx
PHP version (eg, 7.4): 8.1
The issue you are facing:
Running Collabora on edit.domain.com and Nextcloud on docs.domain.com, I cannot edit documents. The request never reaches Collabora. I have tried adding just about every CSP header I can think of, but the request still seems to be blocked.
Right before the CSP blocking information in the console, I see an exception like this:
core-common.js
Uncaught
Exception { name: "", message: "", result: 2153381986, filename: "https://docs.domain.com/dist/core-common.js?v=29357e0c-3", lineNumber: 2, columnNumber: 0, data: null, stack: "trigger@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9713512\ntrigger/<@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9713798\neach@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9644267\neach@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9642747\ntrigger@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9713773\n49226/</i</</j</<@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9357821\ns/t[n]@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9348837\nshowEditor@https://docs.domain.com/apps/richdocuments/js/richdocuments-document.js?v=29357e0c-3:2:185541\nshowEditor/<@https://docs.domain.com/apps/richdocuments/js/richdocuments-document.js?v=29357e0c-3:2:179934\nsetTimeout handler*showEditor@https://docs.domain.com/apps/richdocuments/js/richdocuments-document.js?v=29357e0c-3:2:179915\nloadDocument@https://docs.domain.com/apps/richdocuments/js/richdocuments-document.js?v=29357e0c-3:2:187766\ninitSession/<@https://docs.domain.com/apps/richdocuments/js/richdocuments-document.js?v=29357e0c-3:2:187693\nl@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9669908\nadd@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9670188\ninitSession@https://docs.domain.com/apps/richdocuments/js/richdocuments-document.js?v=29357e0c-3:2:187673\n@https://docs.domain.com/apps/richdocuments/js/richdocuments-document.js?v=29357e0c-3:2:188821\nc@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9671626\no/</u<@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9671928\nsetTimeout 
handler*o/<@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9672137\nl@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9669908\nfireWith@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9670656\nfire@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9670692\nl@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9669908\nfireWith@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9670656\nready@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9673642\nsetTimeout handler*19755/<@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9673768\n19755/<@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9641377\n19755@https://docs.domain.com/dist/core-common.js?v=29357e0c-3:2:9641490\na@https://docs.domain.com/dist/core-main.js?v=29357e0c-3:2:146713\n54385@https://docs.domain.com/dist/core-main.js?v=29357e0c-3:2:1348\na@https://docs.domain.com/dist/core-main.js?v=29357e0c-3:2:146713\nr<@https://docs.domain.com/dist/core-main.js?v=29357e0c-3:2:148432\na.O@https://docs.domain.com/dist/core-main.js?v=29357e0c-3:2:147115\n@https://docs.domain.com/dist/core-main.js?v=29357e0c-3:2:148448\n@https://docs.domain.com/dist/core-main.js?v=29357e0c-3:2:148453\n" }
The actual CSP error in the console, right after this one, is:
Content Security Policy: The page’s settings blocked the loading of a resource at https://edit.domain.com/browser/0b42b3e/cool.html?WOPISrc=https%3A%2F%2Fdocs.domain.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F454_oceyj87157zl&title=test.docx&lang=en&closebutton=1&revisionhistory=1 (“form-action”).
Is this the first time you’ve seen this error? (Y/N): N
Steps to replicate it:
Simply try to edit (or create) an “office” document.
The output of your Nextcloud log in Admin > Logging:
There's no related information
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
<?php
$CONFIG = array (
  'instanceid' => 'redacted',
  'passwordsalt' => 'redacted',
  'secret' => 'redacted',
  'trusted_domains' =>
  array (
    0 => 'docs.domain.com',
    1 => 'edit.domain.com',
  ),
  'allow_local_remote_servers' => true,
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '25.0.1.1',
  'overwrite.cli.url' => 'https://docs.domain.com',
  'overwritehost' => 'docs.domain.com',
  'overwriteprotocol' => 'https',
  'dbname' => 'redacted',
  'dbhost' => '127.0.0.1',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'redacted',
  'dbpassword' => 'redacted',
  'installed' => true,
  'default_language' => 'en',
  'logtimezone' => 'UTC',
  'default_phone_region' => 'SE',
  'skeletondirectory' => '',
  'logo_url' => 'https://docs.domain.com',
  'defaultapp' => 'files,dashboard',
  'enable_previews' => true,
  'enabledPreviewProviders' =>
  array (
    0 => 'OC\\Preview\\PNG',
    1 => 'OC\\Preview\\JPEG',
    2 => 'OC\\Preview\\GIF',
    3 => 'OC\\Preview\\BMP',
    4 => 'OC\\Preview\\XBitmap',
    5 => 'OC\\Preview\\Movie',
    6 => 'OC\\Preview\\PDF',
    7 => 'OC\\Preview\\MP3',
    8 => 'OC\\Preview\\TXT',
    9 => 'OC\\Preview\\MarkDown',
  ),
  'preview_max_x' => 1024,
  'preview_max_y' => 768,
  'preview_max_scale_factor' => 1,
  'activity_expire_days' => 14,
  'auth.bruteforce.protection.enabled' => true,
  'blacklisted_files' =>
  array (
    0 => '.htaccess',
    1 => 'Thumbs.db',
    2 => 'thumbs.db',
  ),
  'redis' =>
  array (
    'host' => 'localhost',
    'port' => 6379,
    'timeout' => 0.0,
    'read_timeout' => 0.0,
    'user' => '',
    'password' => '',
    'dbindex' => 0,
  ),
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'mail_from_address' => 'notice',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'docs.domain.com',
  'mail_smtphost' => 'localhost',
  'logfile' => '/var/www/_logs/nextcloud.log',
  'trashbin_retention_obligation' => 'auto, 30',
  'maintenance' => false,
);
The output of your Apache/nginx/system log in /var/log/____:
There's no relevant output
The Nginx header configuration (Nextcloud server) looks like this:
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Content-Security-Policy "form-action docs.domain.com edit.domain.com 'self';frame-ancestors docs.domain.com edit.domain.com 'self';";
I’m sure I did something wrong, but I can’t figure out what.
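
An added example, not part of the original post and not Nextcloud or Collabora code: when a response carries more than one Content-Security-Policy header, the browser enforces each policy separately, so a form submission has to pass every `form-action` list. The sketch evaluates the nginx policy from the post next to a second, constructed policy (`APP_POLICY`, an assumption standing in for whatever the application itself sends); the function names are hypothetical and source matching is simplified.

```javascript
// Constructed stand-in for a policy sent by the application itself (assumption).
const APP_POLICY = "default-src 'none'; form-action 'self'; frame-ancestors 'self'";
// The header value from the nginx configuration in the post.
const NGINX_POLICY = "form-action docs.domain.com edit.domain.com 'self';frame-ancestors docs.domain.com edit.domain.com 'self';";
const PAGE = 'https://docs.domain.com/';
const TARGET = 'https://edit.domain.com/browser/0b42b3e/cool.html';

// Parse one header value into a Map: directive name -> source list.
function parsePolicy(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A directive repeated inside one policy is ignored after its first use.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Simplified matching: 'none', 'self', *, and [scheme://]host with a leading
// "*." wildcard. Scheme-only sources, ports and paths are not handled.
function sourceMatches(source, target, page) {
  if (source === "'none'") return false;
  if (source === "'self'") return target.origin === page.origin;
  if (source === '*') return true;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  // A host without a scheme takes the page's scheme; http also permits https.
  const scheme = (m[1] || page.protocol.slice(0, -1)).toLowerCase();
  const targetScheme = target.protocol.slice(0, -1);
  const schemeOk = scheme === targetScheme || (scheme === 'http' && targetScheme === 'https');
  const host = m[2].toLowerCase();
  const hostOk = host.startsWith('*.') ? target.hostname.endsWith(host.slice(1)) : target.hostname === host;
  return schemeOk && hostOk;
}

// form-action has no default-src fallback: a policy without it allows the form.
function policyAllowsForm(policy, target, page) {
  const sources = policy.get('form-action');
  return sources === undefined || sources.some((s) => sourceMatches(s, target, page));
}

// Every policy on the response must allow the submission; return those that do not.
function blockingPolicies(headerValues, targetUrl, pageUrl) {
  const target = new URL(targetUrl);
  const page = new URL(pageUrl);
  return headerValues.filter((h) => !policyAllowsForm(parsePolicy(h), target, page));
}

console.log(blockingPolicies([APP_POLICY, NGINX_POLICY], TARGET, PAGE));
```

To see which policies a real response carries, inspect the response headers of the page in the browser's network panel; each Content-Security-Policy header listed there is a separate policy.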