CSP issues in appstore on Google Cloud Run (reverse proxy)

Update: looks like this has to do with broken CSP for the screenshot links in apps.json? I’ve written a quick patch to get me through, but I plan to dig a bit deeper, write something more permanent, and share it. Bottom line, though? The links provided by the appstore server REALLY ought to be validated. I’m writing a plugin to do just that, but it’s annoying that there are tons of 404s and other issues in there.


I’m trying to get CSP working behind a reverse proxy (specifically, Google Cloud Run, meaning it’s Docker, and I don’t have control over the nginx proxy server’s settings). I’ve set up the pertinent values in config.php, but I still get errors in my browser’s console when I go to /settings/apps:

Refused to load the image 'https://raw.githubusercontent.com/nextcloud/logreader/master/screenshots/reader.png' because it violates the following Content Security Policy directive: "img-src 'self' data: blob: https://usercontent.apps.nextcloud.com".

Refused to load the image 'https://user-images.githubusercontent.com/245432/43194622-1a40ce90-9003-11e8-8101-15d08cce7264.png' because it violates the following Content Security Policy directive: "img-src 'self' data: blob: https://usercontent.apps.nextcloud.com".

There are other errors I get on the Dashboard page (Cannot read property 'extend' of undefined and other things), but I’d like to fix CSP, first.

Thank you!!!
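An added example, not part of the original post or of Nextcloud's code: a Python check that lists which screenshot links in an apps.json-style listing the browser would refuse under the `img-src` directive quoted in the errors above. The field names (`id`, `screenshots`, `url`), the instance URL `https://cloud.example.com` and the second sample entry are assumptions, and the source matching is a simplified form of the CSP rules.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def parse_sources(policy, directive="img-src"):
    """Return the source list of one directive from a CSP header value."""
    for part in policy.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() == directive:
            return tokens[1:]
    return []

def allowed(url, sources, self_url):
    """Simplified CSP matching: 'self', scheme sources and host sources.
    Paths, port wildcards and a bare * are not handled (assumption)."""
    u, me = urlsplit(url), urlsplit(self_url)
    scheme, host = u.scheme.lower(), (u.hostname or "").lower()
    port = u.port or DEFAULT_PORTS.get(scheme)
    for src in (s.lower() for s in sources):
        if src == "'self'":
            src = f"{me.scheme}://{me.netloc}"
        if src.startswith("'"):          # other keywords, nonces, hashes
            continue
        if src.endswith(":") and "/" not in src:   # scheme source, e.g. data:
            if src[:-1] == scheme:
                return True
            continue
        if "://" not in src:             # bare host inherits the page's scheme
            src = f"{me.scheme}://{src}"
        s = urlsplit(src)
        host_ok = host == s.hostname or (
            (s.hostname or "").startswith("*.") and host.endswith(s.hostname[1:]))
        scheme_ok = s.scheme == scheme or (s.scheme == "http" and scheme == "https")
        if host_ok and scheme_ok and port == (s.port or DEFAULT_PORTS.get(scheme)):
            return True
    return False

def blocked_screenshots(apps, policy, self_url):
    sources = parse_sources(policy)      # (app id, url) pairs the policy refuses
    return [(a["id"], shot["url"]) for a in apps
            for shot in a.get("screenshots", []) if not allowed(shot["url"], sources, self_url)]

POLICY = "img-src 'self' data: blob: https://usercontent.apps.nextcloud.com"
# Constructed sample shaped like an apps.json listing (field names assumed).
APPS = [
 {"id": "logreader", "screenshots": [{"url": "https://raw.githubusercontent.com/nextcloud/logreader/master/screenshots/reader.png"}]},
 {"id": "sample_app", "screenshots": [{"url": "https://usercontent.apps.nextcloud.com/constructed-example.png"}]},
]
for app_id, url in blocked_screenshots(APPS, POLICY, "https://cloud.example.com"):
    print(f"blocked by img-src: {app_id}: {url}")
```

Running the same check against the policy the server actually sends (the `Content-Security-Policy` response header for /settings/apps) shows whether a config.php change took effect behind the proxy.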