CORS requests blocked in Nextcloud app

Hello,

I tried to do a minimal working example of an app with Paypal. As a Vue.js project it works perfectly. However, as a Nextcloud app all the CORS requests are blocked (Cross-Origin Request Blocked). I already tried to allow everything possible, so that I’ll get it to work. However, so far it didn’t make a difference. In my PageController.php I have the following function

public function index() {
        $response = new TemplateResponse('paypaltest','index',[]);
        $csp = new ContentSecurityPolicy();
        $csp->addAllowedImageDomain('*');
        $csp->addAllowedMediaDomain('*');
        $csp->addAllowedScriptDomain('*');
        $csp->addAllowedFrameDomain('*');
        $csp->addAllowedStyleDomain('*');
        $csp->addAllowedConnectDomain('*');
        $csp->addAllowedFontDomain('*');
        $csp->addAllowedChildSrcDomain('*');
        $csp->addAllowedObjectDomain('*');
        $csp->allowInlineScript(true);
        $csp->allowInlineStyle(true);
        $csp->allowEvalScript(true);
        $response->setContentSecurityPolicy($csp);
        return $response;
    }

where I tried to unblock every possible thing. Do you have an idea how I should proceed? I don’t find any relevant information in the internet, and I’m quite new to Nextcloud myself. I’d appreciate any help!

Hi @jkemper,

You can install this app on your server and use it to allow CORS acces from certain websites:
https://apps.nextcloud.com/apps/webapppassword

I hope it helps!

Hi @szaimen,
Thank you very much, your suggestion seems to be quite good!
However, it didn’t work as I quickly tried it out. It might be due to me using it in the wrong way though.
I just installed it and put in the URLs to which the requests are blocked.

This didn’t make any difference, unfortunately. Do you have to do additional steps? Can you use it for other apps than WebDAV/CalDAV?

Unfortunately I haven’t used it myself so I cannot assist with that. I only know that it should make CORS access possible.

Hey @jkemper
i just found this on the docs and remembered this thread. Maybe this helps?
https://docs.nextcloud.com/server/21/developer_manual/digging_deeper/rest_apis.html#modifying-the-cors-headers

Greets,
Jonas :slight_smile: