Content Security Policy blocking script

I’m trying to integrate the Stripe API into my Nextcloud custom app. But the content security policy is blocking the script.

There are errors in the console:

Within my Nextcloud files I found a file for configuring the CSP but haven’t figured out what values in there I need to change to resolve the errors.

/lib/public/AppFramework/Http/ContentSecurityPolicy.php

Any help here would be much appreciated! I’m new to Nextcloud and still learning how to develop apps. Thank you!

Hello @socialistpizza, welcome to the Nextcloud community! :handshake:
Please use the search; many topics were discussed already, e.g. CSP "Content Security Policy" missing in Nextcloud manual

I have used the search and haven’t been able to find a solution to my issue.

Hello.

The mentioned files must not be altered. They are part of the server core and are fine as they are.

You are writing an app that needs a looser CSP setting than normal (pure NC) apps need. So, read the documentation. There is an example on allowing all domains. I would highly suggest to whitelist individual domains to minimize the security impact.

Chris

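What per-domain whitelisting from the app's own controller can look like, as an added example that is not part of the original thread or of Nextcloud's code. The app namespace `OCA\StripeDemo`, the template name `main` and the Stripe hostnames are assumptions; confirm the hostnames against Stripe's current CSP guidance.

```php
<?php
declare(strict_types=1);

namespace OCA\StripeDemo\Controller; // hypothetical app namespace

use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\ContentSecurityPolicy;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\IRequest;

class PageController extends Controller {
    public function __construct(string $appName, IRequest $request) {
        parent::__construct($appName, $request);
    }

    /**
     * @NoAdminRequired
     * @NoCSRFRequired
     */
    public function index(): TemplateResponse {
        // 'main' is an assumed template name (templates/main.php in the app).
        $response = new TemplateResponse($this->appName, 'main');

        // Start from Nextcloud's default policy and widen it only for the
        // hosts this page needs. The core file under /lib/public stays untouched.
        $csp = new ContentSecurityPolicy();

        // Too broad: this would let any origin serve script to the page.
        // $csp->addAllowedScriptDomain('*');

        // Narrow: one entry per directive, one host per entry (assumed hosts).
        $csp->addAllowedScriptDomain('https://js.stripe.com');   // script-src
        $csp->addAllowedFrameDomain('https://js.stripe.com');    // frame-src
        $csp->addAllowedConnectDomain('https://api.stripe.com'); // connect-src

        // The policy applies to this response only, not to the whole instance.
        $response->setContentSecurityPolicy($csp);
        return $response;
    }
}
```

After reloading the page, the `Content-Security-Policy` response header in the browser's network tab should list the added hosts; any violation that remains names the directive that still needs an entry.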

Hi,

Did you check that your web server doesn’t have CSP policies itself (.htaccess, .conf…)? You can check by accessing through a page that isn’t generated by Nextcloud (e.g. test.php).

I’ve fixed a CSP policy recently: see [Bug]: Content Security Policy (CSP) Error for preview-service-worker.js · Issue #39849 · nextcloud/server · GitHub

You can watch the fix from this PR: fix: #138 Missing worker policy when launching assistant by smarinier · Pull Request #139 · nextcloud/assistant · GitHub

Yours,