Server version: Nextcloud 25.0.4
When I load my Nextcloud instance at “cloud.example.com/apps/files”
the Developer Tools show that some scripts get blocked because of a CSP:
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). Source: event.preventDefault()
The reason seems to be that the nonce values inside the HTML are not set to their corresponding value:
I can see in the sent headers that some nonce value is set there:
The NC logs don’t show anything useful
How can I resolve this issue? Where should I start looking?