I am trying to embed a publicly shared Nextcloud folder with collabora documents in an iframe. The embedding works as long as I don’t open any collabora files.
Opening the files using the non-embedded public share link works.
The browser console is spamming:
Request to https://cloud.XXXXXXX.de/ocs/v2.php/apps/text/public/workspace?path=%2FXXXXX&shareToken=XXX failed because of a CSRF mismatch. Fetching a new token (anonymous) @ index.es.mjs:90 workspace:1 Failed to load resource: the server responded with a status of 412 ()
The collabora server log also shows some errors/warnings but i am not sure if they are related to my problem:
wsd-00001-00041 2023-09-24 09:40:04.935487 +0000 [ websrv_poll ] ERR Poco::Net::DNS::resolve("22.214.171.124") failed: Host not found: 126.96.36.199| wsd/COOLWSD.cpp:3009 wsd-00001-00041 2023-09-24 09:40:04.936606 +0000 [ websrv_poll ] WRN convert-to: Requesting address is denied: 188.8.131.52| wsd/COOLWSD.cpp:3015 wsd-00001-00041 2023-09-24 09:42:55.184257 +0000 [ websrv_poll ] ERR Poco::Net::DNS::resolve("184.108.40.206") failed: Host not found: 220.127.116.11| wsd/COOLWSD.cpp:3009 wsd-00001-00041 2023-09-24 09:42:55.184901 +0000 [ websrv_poll ] WRN convert-to: Requesting address is denied: 18.104.22.168| wsd/COOLWSD.cpp:3015
The domain that tries to access the file is added to the ContentSecurityPolicy.php of Nextcloud as
allowedFrameAncestors as well as trusted_domain in the config.php
And also as aliasgroup1 environment variable for the collabora server like this
I have already read various very similar looking threads, but I really can’t figure out what’s wrong with my configuration.