Embedding Collabora fails because of a CSRF mismatch. Fetching a new token

I am trying to embed a publicly shared Nextcloud folder with Collabora documents in an iframe. The embedding works as long as I don’t open any Collabora files.

Opening the files using the non-embedded public share link works.

The browser console is spamming:

Request to https://cloud.XXXXXXX.de/ocs/v2.php/apps/text/public/workspace?path=%2FXXXXX&shareToken=XXX failed because of a CSRF mismatch. Fetching a new token
(anonymous) @ index.es.mjs:90
workspace:1     Failed to load resource: the server responded with a status of 412 ()

The Collabora server log also shows some errors/warnings, but I am not sure if they are related to my problem:

wsd-00001-00041 2023-09-24 09:40:04.935487 +0000 [ websrv_poll ] ERR  Poco::Net::DNS::resolve("172.71.160.99") failed: Host not found: 172.71.160.99| wsd/COOLWSD.cpp:3009
wsd-00001-00041 2023-09-24 09:40:04.936606 +0000 [ websrv_poll ] WRN  convert-to: Requesting address is denied: 172.71.160.99| wsd/COOLWSD.cpp:3015
wsd-00001-00041 2023-09-24 09:42:55.184257 +0000 [ websrv_poll ] ERR  Poco::Net::DNS::resolve("172.71.160.102") failed: Host not found: 172.71.160.102| wsd/COOLWSD.cpp:3009
wsd-00001-00041 2023-09-24 09:42:55.184901 +0000 [ websrv_poll ] WRN  convert-to: Requesting address is denied: 172.71.160.102| wsd/COOLWSD.cpp:3015

The domain that tries to access the file is added to the ContentSecurityPolicy.php of Nextcloud as allowedFrameDomains and allowedFrameAncestors, as well as trusted_domain in the config.php.

And also as the aliasgroup1 environment variable for the Collabora server, like this:

aliasgroup1=https://XXX\.de:443,https://XXX\.XXX\.de:443

I have already read various very similar looking threads, but I really can’t figure out what’s wrong with my configuration.