CORS requests blocked in Nextcloud app

jkemper · February 24, 2021, 8:37am

Hello,

I tried to do a minimal working example of an app with Paypal. As a Vue.js project it works perfectly. However, as a Nextcloud app all the CORS requests are blocked (Cross-Origin Request Blocked). I already tried to allow everything possible, so that I’ll get it to work. However, so far it didn’t make a difference. In my PageController.php I have the following function

public function index() {
        $response = new TemplateResponse('paypaltest','index',[]);
        $csp = new ContentSecurityPolicy();
        $csp->addAllowedImageDomain('*');
        $csp->addAllowedMediaDomain('*');
        $csp->addAllowedScriptDomain('*');
        $csp->addAllowedFrameDomain('*');
        $csp->addAllowedStyleDomain('*');
        $csp->addAllowedConnectDomain('*');
        $csp->addAllowedFontDomain('*');
        $csp->addAllowedChildSrcDomain('*');
        $csp->addAllowedObjectDomain('*');
        $csp->allowInlineScript(true);
        $csp->allowInlineStyle(true);
        $csp->allowEvalScript(true);
        $response->setContentSecurityPolicy($csp);
        return $response;
    }

where I tried to unblock every possible thing. Do you have an idea how I should proceed? I don’t find any relevant information in the internet, and I’m quite new to Nextcloud myself. I’d appreciate any help!

szaimen · February 24, 2021, 9:16am

Hi @jkemper,

You can install this app on your server and use it to allow CORS acces from certain websites:
https://apps.nextcloud.com/apps/webapppassword

I hope it helps!

jkemper · February 24, 2021, 3:49pm

Hi @szaimen,
Thank you very much, your suggestion seems to be quite good!
However, it didn’t work as I quickly tried it out. It might be due to me using it in the wrong way though.
I just installed it and put in the URLs to which the requests are blocked.

This didn’t make any difference, unfortunately. Do you have to do additional steps? Can you use it for other apps than WebDAV/CalDAV?

szaimen · February 24, 2021, 4:55pm

Unfortunately I haven’t used it myself so I cannot assist with that. I only know that it should make CORS access possible.

jotoeri · February 27, 2021, 12:04pm

Hey @jkemper
i just found this on the docs and remembered this thread. Maybe this helps?
https://docs.nextcloud.com/server/21/developer_manual/digging_deeper/rest_apis.html#modifying-the-cors-headers

Greets,
Jonas

Wikinaut · November 20, 2023, 5:53pm

Has anyone got it working ?

I installed https://apps.nextcloud.com/apps/webapppassword and set up my server from which I want to send (drop) a file to my other cloud servers, but I did not get it working:

→→ always got “CORS Missing Allow Origin”

When changing the username hash or using “POST” instead of “PUT”, I receive the corresponding error messages from the cloud server (wrong username resp. “only PUT allowed”, so these parts appears to be working.