I assume this Content Security Policy setting is something relatively new to Nextcloud as I had no such problem using the vm script on my previous install?
Yes, it’s new. Me and @szaimen had a discussion about it, just due to the fact that I kind of knew issues like this will arise. We decided to merge it in the end, and now we ended up here.
Now I’m thinking if we should remove it again?
When thinking about it, @szaimen is right - this issue is not about a default config. Like I posted earlier, you should consider a reverse proxy if you need more services than one for 80|443. Personally I have 43 servers behind mine, and it’s only a 2 CPU 1 GB RAM machine.
The VM are made with some sane defaults, and I don’t think we should sacrifice security for 95% of the users to save 5% from having issues.
Do you think I’m wrong?
@szaimen Maybe we could make it obvous by letting the user know that only default ports are allowed, and if the user wants another config, we could link to your post about removing that line in the config.
Sorry about that 
I guess if there’s only a handful of problems with configurations like mine, and if the benefit of the policy outweigh the the issues raised, leaving it in may be the better solution. It’s only the case of commenting out a specific line of text after all.
I guess it comes down to how much of a security risk is involved.
1 Like
Looks fine to me, though I’d probably capitalise so it read: “forwarded to THIS machine!” just for more emphasis. That’s just me being picky though
1 Like