Nextcloud and Safari 13.1 (14609.1.20.111.8)

On latest macOS Safari 13.1 (14609.1.20.111.8) on macOS Mojave 10.14.6 Nextclouds’ web interface doesn’t work properly. For instance the login dialog is not shown. Web Console shows that scripts do not appear in the script-src directive of the Content Security Policy but they are and safari worked before.

The Nextcloud version is the latest 18.0.3, older versions seem to work as far I 've tested.
No server logs seems to help due the fact that this has something in common with the latest Safari Update Apple released yesterday.

Make sure it is not a add blocker or something. If it is the Content Security Policy, you can work around and change it but definitely it has to be reported to the developers to be fixed permanently: https://github.com/nextcloud/server/issues

Hi,
I’m affected by the same issue. Just installed a fresh macOS catalina with Safari 13.1.1 (15609.2.9.1.2) just to make sure no personal settings, plugins, apps whatsoever affect this. And even on the clean install, not even the login page is displayed. I see an empty page with just the blue Nextcloud background, the Nextcloud logo and the Attribution line in the footer. No username / password boxes or login button.

Nextcloud is Version 20.0 running on Apache on Arch Linux. I don’t know whether this issue existed in previous versions, as I’m using Linux, not macOS, but I noticed that one of my users who is using macOS can’t use my Nextcloud instance at all.

The JavaScript console displays 15 errors for scripts that Safari refused to load “because it does not appear in the script-src directive of the Content Security Policy”. A 16th error says “Refused to execute a script because its hash, its nonce or ‘unsafe-inline’ does not appear in the script-src directive of the Content Security Policy. - login:33”

Is this a bug, or a mistake on my side? How can I diagnose this further? See the complete error messages here:

[Error] Refused to load https://domain.org/core/js/dist/main.js?v=99319dad-0 because it does     not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/core/js/dist/files_fileinfo.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/core/js/dist/files_client.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/index.php/js/core/merged-template-prepend.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/core/l10n/de_DE.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/files_sharing/l10n/de_DE.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/files_sharing/js/dist/main.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/files_pdfviewer/js/files_pdfviewer-public.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/files_videoplayer/js/main.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/files_rightclick/l10n/de_DE.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/files_rightclick/js/script.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/files_rightclick/js/files.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/theming/l10n/de_DE.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/apps/theming/js/theming.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to load https://domain.org/core/js/dist/login.js?v=99319dad-0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (login, line 33)

Thanks in advance!