Enabling apps generates an http url despite being served over https

norseghost · April 4, 2025, 10:43am

more accurate description of previous issue

up to date nextcloud, running off the php-fpm docker compose stack

when I try and enable an app from the app store, I get the error;

Refused to connect to 'http://cloud.andersens.xyz/apps/files/' because it violates the following Content Security Policy directive: "connect-src 'self'".

if i disable CSP headers, I get the error;

Mixed Content: The page at 'https://cloud.andersens.xyz/settings/apps/disabled' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://cloud.andersens.xyz/apps/files/'. This request has been blocked; the content must be served over HTTPS.

so. somehow app enabling specifically gets http prepended instead of https.

docker exec -it --user www-data nextcloud_app php occ config:list system |grep overwrite
        "overwrite.cli.url": "https:\/\/cloud.andersens.xyz",
        "overwriteprotocol": "https",
        "overwritehost": "cloud.andersens.xyz",

norseghost · April 5, 2025, 2:46pm

just did a clean reinstall from my compose stack (GitHub - norseghost/nfr-dckr-cmps: docker compose files for my local infrastructure). issue still persists.

B3r3av3d · April 21, 2025, 9:21pm

Same thing happening here with version 31.0.2

PinchePelon · April 27, 2025, 4:29am

Did you have any luck figuring this out? Running in to the same exact issue with an identical setup to yours.

Every time I hit enable on an app I see a GET request to http://cloud.mydomain.com/apps/files and error of “NS_ERROR_DOM_BAD_URI” and “NS_ERROR_UNEXPECTED” in the browser console. I’ve tried modifying the CSP all sorts of different ways with no success. Upgraded to 31.0.4 which didn’t fix anything either.

SysKeeper · April 27, 2025, 9:25am

I think this is fixed by [master] fix(settings): Use axios directly for health check to preven URL sanitizing by backportbot[bot] · Pull Request #52439 · nextcloud/server · GitHub