Content security policy block apps with http protocol on my HTTPS instance behind a reverse proxy


I deplyed a nextcloud 18 stable-fpm docker with an nginx container in front, everything seems to be ok until i install the ojsxc app, i cannot connected and when i look at the web console i saw that it was a issue on the Content ssecurity policy on the rule connect-src …OJSXC try to connect on the “http” port and the default header default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-cTJjV3o5QWk0VHFkcFV2T01pa0dEaW55SUpMcVlOY0Y0b205NHRxSGpXND06L0JaempKNGFxbEwxemhxNFhtQnFkSDZVZHRXQ0RxTkxvKzdyaTRyTHZGaz0=';style-src 'self' 'unsafe-inline' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self' blob:;frame-src data:;child-src 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self' is blocking it.

I don’t know why some apps or url call are still in http format unless i set overwriteprotocol th https. I temporaly disable the CSP on my browser and i can connext to an external xmpp server.

I try many config as changing overwrite.cli.url to put my nextcloud URL with https …nothing …

Could someone help?

I tested the app on chrome and OJSXC seem to work there, i look at the source code of the page and it seems that all route serve http protocol unless overwriteprotocol": “https” is activated …