CSP broke on 27.0.1

One of my instances on a unicode domain broke after the update from 26 to 27.0.1.
Now the Nextcloud-generated Content-Security-Policy header does not punycode the domain (sends UTF-8 characters in the CSP header), which makes browsers refuse to load any assets.

Hi,

For bug reports: Issues · nextcloud/server · GitHub

Are you certain that Nextcloud encoded the domains in the past? Usually, to refer to the current domain, you use self in the CSP header.

Please include an example of the generated CSP header in your bug report.

For those who face a similar problem:
TL;DR caused by “Nextcloud Office”-App. (richdocuments)

Here is the corresponding issue:

The conditions to run into this bug are met if:

  • You have a unicode domain
  • You have “Nextcloud Office” installed

There are currently two ways to fix it temporarily:

  • Disable “Nextcloud Office” App
  • Apply the patch provided in the issue manually
1 Like
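
A way to check a CSP header value for the condition described in this thread (a host source sent as raw UTF-8 instead of punycode), as an added example that is not part of any post above and is not Nextcloud or richdocuments code. The sample header and the `bücher.example` domain are constructed, the function names are hypothetical, and Python's built-in `idna` codec (IDNA 2003) is assumed to be acceptable for the domain in question.

```python
import re

# Constructed sample value, not a header captured from the thread.
SAMPLE_CSP = ("default-src 'self'; "
              "frame-src 'self' https://bücher.example:9980; "
              "img-src data: *.bücher.example")

# Optional scheme, then host, then optional port and path.
HOST_SOURCE = re.compile(
    r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*://)?"
    r"(?P<host>[^/:]+)(?P<rest>(:[0-9*]+)?(/.*)?)$")

def to_punycode(host):
    """IDNA-encode each non-ASCII label; '*' and ASCII labels pass through."""
    return ".".join(
        label if label.isascii() else label.encode("idna").decode("ascii")
        for label in host.split("."))

def find_non_ascii_sources(csp):
    """Return (directive, source) pairs that contain non-ASCII characters."""
    hits = []
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens:
            hits += [(tokens[0], s) for s in tokens[1:] if not s.isascii()]
    return hits

def normalize_csp(csp):
    """Rewrite non-ASCII hosts in host sources to their punycode form."""
    out = []
    for directive in csp.split(";"):
        tokens = directive.split()
        if not tokens:
            continue
        fixed = [tokens[0]]
        for src in tokens[1:]:
            m = HOST_SOURCE.match(src)
            if m and not src.isascii():
                src = ((m.group("scheme") or "")
                       + to_punycode(m.group("host")) + m.group("rest"))
            fixed.append(src)
        out.append(" ".join(fixed))
    return "; ".join(out)

if __name__ == "__main__":
    for name, src in find_non_ascii_sources(SAMPLE_CSP):
        print(f"non-ASCII source in {name}: {src!r}")
    print(normalize_csp(SAMPLE_CSP))
```

Only the host part is rewritten; a non-ASCII path would still be reported by `find_non_ascii_sources` and needs percent-encoding instead.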