Hi,
I’m affected by the same issue. Just installed a fresh macOS catalina with Safari 13.1.1 (15609.2.9.1.2) just to make sure no personal settings, plugins, apps whatsoever affect this. And even on the clean install, not even the login page is displayed. I see an empty page with just the blue Nextcloud background, the Nextcloud logo and the Attribution line in the footer. No username / password boxes or login button.
Nextcloud is Version 20.0 running on Apache on Arch Linux. I don’t know whether this issue existed in previous versions, as I’m using Linux, not macOS, but I noticed that one of my users who is using macOS can’t use my Nextcloud instance at all.
The JavaScript console displays 15 errors for scripts that Safari refused to load “because it does not appear in the script-src directive of the Content Security Policy”. A 16th error says “Refused to execute a script because its hash, its nonce or ‘unsafe-inline’ does not appear in the script-src directive of the Content Security Policy. - login:33”
Is this a bug, or a mistake on my side? How can I diagnose this further? See the complete error messages here:
[Error] Refused to load https://domain.org/core/js/dist/main.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/core/js/dist/files_fileinfo.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/core/js/dist/files_client.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/index.php/js/core/merged-template-prepend.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/core/l10n/de_DE.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/files_sharing/l10n/de_DE.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/files_sharing/js/dist/main.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/files_pdfviewer/js/files_pdfviewer-public.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/files_videoplayer/js/main.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/files_rightclick/l10n/de_DE.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/files_rightclick/js/script.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/files_rightclick/js/files.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/theming/l10n/de_DE.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/theming/js/theming.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/core/js/dist/login.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (login, line 33)
Thanks in advance!