I installed nextcloud under a subdirectory and configured nginx configuration files with little help from nginxconfig.io. I merged all of the settings and here’s problem.
I have tried enabling Content-Security-Policy header but communicationwith server fails. The page loads, but doesn’t load up the files, information etc. I tried all of the csp values I could find from this forum and owncloud, but no luck. Here’s the value
The first value I tried:
add_header Content-Security-Policy “default-src ‘self’; font-src ‘https://fonts.googleapis.com’; img-src ‘self’ https://i.imgur.com; object-src ‘self’; script-src ‘self’; style-src ‘self’”
The second value I tried:
add-headers Content-Security-Policy “default-src ‘self’; script-src ‘self’ ‘unsafe-eval’ ‘nonce-’; style-src ‘self’ ‘unsafe-inline’; frame-src *; img-src *; font-src ‘self’; media-src *; connect-src *; object-src ‘none’; base-uri ‘self’;”
Also, I configured X-Frame-Options, and nextcloud says i didn’t implement it, even though Mozilla Observatory says I did.
What should I do? Help