How do I solve Content Security Policy errors?

Scott-Trakker · August 24, 2021, 9:14am

Hello Nextcloud administrators!

I just did a fresh installation of Nextcloud and everything works fine except that I get the following messages in the browser console:

Content Security Policy: The page’s settings blocked the loading of a resource at http://[my.domain.com]/apps/activity/img/activity-dark.svg (“img-src”).

Content Security Policy: The page’s settings blocked the loading of a resource at http://[my.domain.com]/core/img/actions/user.svg (“img-src”).

Content Security Policy: The page’s settings blocked the loading of a resource at http://[my.domain.com]/apps/firstrunwizard/img/apps/deck.svg (“img-src”).

(I replaced the real domain with [my.domain.com])

How do I solve these Content Security Policy errors?

Set-up:
Nextcloud is running in a virtual machine (RHEL + Apache).
The host also runs on RHEL, and I use Apache as a reverse proxy.

Scott-Trakker · August 24, 2021, 10:47am

I just learned that when I visit the website with HTTP instead of HTTPS, the images load fine and I don’t get any Content Security Policy errors. I think it has something to do with the reverse proxy.

Scott-Trakker · August 24, 2021, 11:58am

I found the solution!

I just had to add the following code to config/config.php:

'overwrite.cli.url' => 'https://your.domain.com',
'overwriteprotocol' => 'https',

I found the solution on this website.