Login Page not loading on Safari and iPadOS, CSP error

Nextcloud version (eg, 20.0.5): 21.0.1
Operating system and version (eg, Ubuntu 20.04): linuxserver/nextcloud docker image, latest
Apache or nginx version (eg, Apache 2.4.25): nginx on server 1
PHP version (eg, 7.4): 7.4

The issue you are facing:
I have problems loading the Nextcloud web interface in Safari on macOS and in all browsers on iPadOS / iOS.
In other browsers there are no problems. The Nextcloud web page loads with styles, but with no login form.
I have CSP errors in the browser log, which prevent JS from loading because of script-src.

I tried some more entries in trusted_proxies, but without success.

If it helps, here is my nginx configuration of server 1, where the nginx proxy is running:

```nginx
upstream server2 {
    server ip_server2:9443;
}

location / {
    #client_max_body_size 4096M;
    proxy_buffers 64 4k;
    proxy_buffer_size 4k;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass https://server2;
}
```

Is this the first time you’ve seen this error? (Y/N): No, since installation

Steps to replicate it:

  1. Server1: Webserver with nginx proxy_pass, redirected with https
  2. Server 2: Docker with nextcloud image
  3. Open Nextcloud in Safari

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

```json
{
    "system": {
        "memcache.local": "\\OC\\Memcache\\APCu",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "server2name:9443",
            "domain.com",
            "server1name"
        ],
        "trusted_proxies": [
            "IP Server 1",
            "IP Server 2",
            "server1name",
            "domain.com"
        ],
        "dbtype": "mysql",
        "version": "21.0.1.1",
        "overwrite.cli.url": "https:\/\/omv:9443",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "maintenance": false,
        "twofactor_enforced": "false",
        "twofactor_enforced_groups": [],
        "twofactor_enforced_excluded_groups": [],
        "theme": "",
        "loglevel": 0,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpsecure": "tls",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "app_install_overwrite": [
            "calendar",
            "bruteforcesettings"
        ],
        "default_phone_region": "DE"
    }
}
```

Browser log

```
[Error] Error parsing header X-XSS-Protection: 1; mode=block, 1; mode=block: expected semicolon at character position 14. The default protections will be applied. (login, line 1)
[Error] Refused to load https://domain/core/js/dist/main.js?v=c9a86094-2 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain/core/js/dist/files_fileinfo.js?v=c9a86094-2 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain/core/js/dist/files_client.js?v=c9a86094-2 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain/js/core/merged-template-prepend.js?v=c9a86094-2 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain/core/l10n/de_DE.js?v=c9a86094-2 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain/apps/files_sharing/l10n/de_DE.js?v=c9a86094-2 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain/apps/files_sharing/js/dist/main.js?v=c9a86094-2 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain/apps/files_videoplayer/js/main.js?v=c9a86094-2 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain/apps/files_rightclick/l10n/de_DE.js?v=c9a86094-2 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain/apps/files_rightclick/js/script.js?v=c9a86094-2 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain/apps/files_rightclick/js/files.js?v=c9a86094-2 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain/apps/theming/l10n/de_DE.js?v=c9a86094-2 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain/apps/theming/js/theming.js?v=c9a86094-2 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain/core/js/dist/login.js?v=c9a86094-2 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (login, line 32)
```


Response Header of login page

```
:status: 200
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-T3FNb1Q1eXBCR2xKem1NVkhSb0tuRVp0TGJKZTlZSGxWeFMrZC9OWlZCaz06QzVCZEhhemlZbEFLdXhOQVQxY2gvbjRLYXVZVGhibXNGR1NKSUxRdUEyOD0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self', default-src https: data: 'unsafe-inline' 'unsafe-eval';, frame-ancestors *.domain.com
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block, 1; mode=block
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Referrer-Policy: no-referrer
Cache-Control: no-cache, no-store, must-revalidate
Date: Thu, 22 Apr 2021 06:18:14 GMT
Content-Length: 4951
X-Content-Type-Options: nosniff, nosniff
X-Frame-Options: SAMEORIGIN, sameorigin
Server: nginx
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-robots-tag: none, none
feature-policy: autoplay 'self';camera 'none';fullscreen 'self';geolocation 'none';microphone 'none';payment 'none'
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;, max-age=63072000; includeSubDomains; preload
```

Solved.

It was an error in the proxy config and maybe trusted_domains and trusted_proxies. I switched from hostname to IP and everything is working fine.
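
Several response headers in the dump above carry comma-joined values, which is how a header field sent more than once appears after the copies are combined, and a browser enforces each comma-separated CSP policy separately. The following is an added example, not part of the original posts: it lists the stacked headers and the source list each policy applies to scripts. The header text is a constructed, shortened copy of the dump with a placeholder nonce, and all function names are illustrative.

```python
# Added example. SAMPLE is a constructed, shortened copy of the header dump
# in the post; the nonce is a placeholder.
SAMPLE = """\
Content-Security-Policy: default-src 'none';script-src 'nonce-PLACEHOLDER';style-src 'self' 'unsafe-inline';form-action 'self', default-src https: data: 'unsafe-inline' 'unsafe-eval';, frame-ancestors *.domain.com
X-XSS-Protection: 1; mode=block, 1; mode=block
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Content-Type-Options: nosniff, nosniff
X-Frame-Options: SAMEORIGIN, sameorigin
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;, max-age=63072000; includeSubDomains; preload
"""

# Headers expected once per response here; a comma-joined value means the
# field was emitted more than once between the application and the client.
CHECKED = ("content-security-policy", "strict-transport-security",
           "x-content-type-options", "x-frame-options", "x-xss-protection")

def parse_headers(text):
    """Map lower-cased header names to their raw values."""
    headers = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers[name.strip().lower()] = value.strip()
    return headers

def stacked_headers(headers):
    """Return {name: [copies]} for checked headers carrying several values."""
    found = {}
    for name in CHECKED:
        copies = [v.strip() for v in headers.get(name, "").split(",") if v.strip()]
        if len(copies) > 1:
            found[name] = copies
    return found

def script_sources(headers):
    """Per CSP policy, the list governing scripts (script-src, else default-src)."""
    result = []
    for policy in headers.get("content-security-policy", "").split(","):
        directives = {}
        for part in policy.split(";"):
            tokens = part.split()
            if tokens:
                directives.setdefault(tokens[0].lower(), tokens[1:])
        if directives:
            # None means this policy places no restriction on scripts.
            result.append(directives.get("script-src", directives.get("default-src")))
    return result

if __name__ == "__main__":
    hdrs = parse_headers(SAMPLE)
    for name, copies in stacked_headers(hdrs).items():
        print(f"{name}: {len(copies)} values -> {copies}")
    print("script source lists per policy:", script_sources(hdrs))
```

A script has to satisfy every policy in the list, so a header added at the proxy can only tighten what the application's own policy allows, never relax it.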