Nextcloud Assistant blocked by Content Security Policy

Nextcloud version (eg, 29.0.5): 30.0.0
Operating system and version (eg, Ubuntu 24.04): Ubuntu 24.04
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.58
PHP version (eg, 8.3): PHP 8.3
Nextcloud is behind a NGINX reverse proxy on a different machine

Nextcloud Assistant not opening. No visible error message.
Error only visable, when examin side code.
Blocked by Content Security Policy.

Uncaught (in promise) SecurityError: Failed to construct ‘Worker’: Access to the script at ‘blob:https://xxx.xxx.de/8038e87c-c778-4502-943d-85b30b6bc8be’ is denied by the document’s Content Security Policy.
at sF (ScheduledEmptyConten…chunk.mjs:33:104081)
at ScheduledEmptyConten…chunk.mjs:33:110223

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Install App Nextcloud Assistant & LocalAI
  2. Configure Artificial Intelligence in ADMIN
  3. Try to open Nextcloud Assistant

The output of your Nextcloud log in Admin > Logging:

PASTE HERE

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'xxx',
  'passwordsalt' => 'xxx',
  'secret' => 'xxx',
  'trusted_domains' => 
  array (
    0 => 'xxx',
    1 => '192.168.33.2',
  ),
  'trusted_proxies' => 
  array (
    0 => '10.0.0.1',
  ),
  'datadirectory' => '/data-1/nextcloud',
  'dbtype' => 'mysql',
  'version' => '30.0.0.14',
  'overwrite.cli.url' => 'https://xxx',
  'overwriteprotocol' => 'https',
  'overwritehost' => 'xxx',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'xxx',
  'dbpassword' => 'xxx',
  'installed' => true,
  'maintenance' => false,
  'maintenance_window_start' => 3,
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => 'true',
  'redis' => 
  array (
    'host' => '/var/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 0.0,
  ),
  'default_phone_region' => 'DE',
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'xxx',
  'mail_domain' => 'xxx',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'xxx',
  'mail_smtpport' => '465',
  'mail_smtpname' => 'xxx',
  'mail_smtppassword' => 'xxx',
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud.log',
  'loglevel' => '2',
  'log_rotate_size' => '104857600',
  'memories.db.triggers.fcu' => true,
  'memories.exiftool' => '/var/www/nextcloud/apps/memories/bin-ext/exiftool-amd64-glibc',
  'memories.vod.path' => '/var/www/nextcloud/apps/memories/bin-ext/go-vod-amd64',
  'skeletondirectory' => '',
  'memories.vod.ffmpeg' => '/usr/bin/ffmpeg',
  'memories.vod.ffprobe' => '/usr/bin/ffprobe',
);

I have the same error in chrome browsers (Brave version is 1.70.119, Chromium is 129.0.6668.70 (Official Build, ungoogled-chromium)).
In Firefox (131.0 (64-bit)), the error is displayed, but the assistant modal window appears. Firefox console log:

I just got managed it, that the window now opens. I am not sure, that this was intended on some points, but the

/var/www/nextcloud/lib/public/AppFramework/Http/ContentSecurityPolicy.php

contains the following lines:

	/** @var array Domains from which web-workers can be loaded */
	protected $allowedWorkerSrcDomains = [];

after changing it to

	/** @var array Domains from which web-workers can be loaded */
	protected $allowedWorkerSrcDomains = [
		'\'self\'',	
		'data:',
		'blob:',
	];

It works now…

1 Like

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.