No maps on any apps!

Hello All!
Following an upgrade from 29.02 to 29.0.9, no maps on any apps using external maps would display (Maps, Gpxpod, Phonetrack…).
Hitting F12 on Firefox reveals many errors similar to:

The resource at “https://b.tile.openstreetmap.org/3/4/3.png” was blocked due to its Cross-Origin-Resource-Policy header (or lack thereof)
I’ve looked up the issue, found a reco in a thread talking about installing Webapppassword (CORS requests blocked in Nextcloud app), but doesn’t seem related to my issue.

Could anyone assist me with this, please ?

Home hosted personal server | Nextcloud 29.0.9 | TrueNAS Core 13.2 | Install is fully operational, accessible from the outside local network | CalDav operational

Thank you !
Tang’

It looks like a CORS issue with external map tiles. Try checking your server settings to allow cross-origin requests and ensure Nextcloud is properly configured. Also, review any firewall settings that could be blocking the maps. If the problem continues, check if recent updates in Nextcloud or TrueNAS have affected this.

Thanks for the answer. Sorry, I forgot to add that the setup is a Nextcloud server on Apache24 (one jail) but behind a reverse proxy (another jail) based on Nginx.
Question is: who is handling the CORS requests ? Nextcloud, Apache24 or the reverse proxy NGINX ?
I understand the fix will probably be a simple parameter to adjust, but I just don’t know where to look.

Nextcloud should handle the CORS rules. But maybe your reverse proxy setup will remove them or create new ones.

Sorry guys, … I’m not finding it !
I’ve looked into the NGINX (reverse proxy) conf files and have seen nothing about CORS.
In my nextcloud jail, I’ve tried editing .htaccess (seen Enabling CORS on NextCloud | amos2021ws03-teams-to-nextcloud) with the 3 variants below (one after the other, each time restarting Apache24 with no errors):

Header always add Access-Control-Allow-Origin "https://server.arcgisonline.com"
Header always add Access-Control-Allow-Headers "Authorization, Origin, X-Requested-With, Content-Type, Accept, DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Range, Range, Depth, Destination"
Header always add Access-Control-Allow-Methods "GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK, PROPFIND, MKCOL"
Header always add Access-Control-Allow-Credentials "true"

=> FAILED

 Header onsuccess unset Access-Control-Allow-Origin
 Header always set Access-Control-Allow-Origin *

=> FAILED

Header always set Cross-Origin-Resource-Policy cross-origin

=> FAILED

Here is what I get from https://www.webconfs.com/http-header-check.php with the last attempt:

HTTP/1.1 401 Unauthorized =>
Server => nginx/1.24.0
Date => Sun, 17 Nov 2024 18:16:45 GMT
Content-Type => application/json; charset=utf-8
Content-Length => 43
Connection => close
X-Powered-By => PHP/8.3.1
X-Request-Id => ro8yvbfuamnNZOyzGTQC
Cache-Control => no-cache, no-store, must-revalidate
Content-Security-Policy => default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
Feature-Policy => autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
X-Robots-Tag => noindex, nofollow
Set-Cookie => ocifuporzzjg=p855iljj7vi66vjett6qscrutv; path=/; secure; HttpOnly; SameSite=Lax
Referrer-Policy => no-referrer
X-Content-Type-Options => nosniff
X-Frame-Options => SAMEORIGIN
X-Permitted-Cross-Domain-Policies => none
X-XSS-Protection => 1; mode=block
Cross-Origin-Resource-Policy => cross-origin
Strict-Transport-Security => max-age=63072000

Still the error:

The resource at “https://server.arcgisonline.com/ArcGIS/rest/services/World_Topo_Map/MapServer/tile/15/10892/16362” was blocked due to its Cross-Origin-Resource-Policy header (or lack thereof)

Here below is the content of section ‘mod-env.c’ in my .htaccess file:

  <IfModule mod_env.c>
    # Add security and privacy related headers

    # Avoid doubled headers by unsetting headers in "onsuccess" table,
    # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
    Header onsuccess unset Referrer-Policy
    Header always set Referrer-Policy "no-referrer"

    Header onsuccess unset X-Content-Type-Options
    Header always set X-Content-Type-Options "nosniff"

    Header onsuccess unset X-Frame-Options
    Header always set X-Frame-Options "SAMEORIGIN"

    Header onsuccess unset X-Permitted-Cross-Domain-Policies
    Header always set X-Permitted-Cross-Domain-Policies "none"

    Header onsuccess unset X-Robots-Tag
    Header always set X-Robots-Tag "noindex, nofollow"

    Header onsuccess unset X-XSS-Protection
    Header always set X-XSS-Protection "1; mode=block"

    ## Manually added lines below for management of cross origins resources as per https://amosproj.github.io/amos2021ws03-teams-to-nextcloud/Documentation/EnablingCORSonNextcloud.html
    #Header always add Access-Control-Allow-Origin "https://server.arcgisonline.com"
    #Header always add Access-Control-Allow-Headers "Authorization, Origin, X-Requested-With, Content-Type, Accept, DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache>
    #Header always add Access-Control-Allow-Methods "GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK, PROPFIND, MKCOL"
    #Header always add Access-Control-Allow-Credentials "true"

   ## Other attempt but removed... must be overridden by Nextcloud or NGINX reverse proxy
   # Header onsuccess unset Access-Control-Allow-Origin
   # Header always set Access-Control-Allow-Origin *

   ## Other try... no success
   Header always set Cross-Origin-Resource-Policy cross-origin


    SetEnv modHeadersAvailable true
  </IfModule>

'Could really do with some assistance, please.
Let me know if you need more info.
Thanks !

Note: I’m realizing that (if now I’m correct, which remains TBC…) all those parameters are to allow other sites to load contents from my site into theirs, not the other way around !..
In which case, I’m even more lost: why would Openstreetmap tiles not load within the ‘maps’ app in my nextcloud ???
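
Added example (not written by any poster in this thread, and not Nextcloud code): a simplified JavaScript model of the check a browser runs before it reports "blocked due to its Cross-Origin-Resource-Policy header (or lack thereof)". It shows that the outcome depends on the tile server's `Cross-Origin-Resource-Policy` header and on the embedding page's `Cross-Origin-Embedder-Policy` header, not on `Access-Control-*` or `Cross-Origin-Resource-Policy` headers set on your own responses. The host `cloud.example` and all sample header sets are constructed, and whether the Nextcloud page actually sends `Cross-Origin-Embedder-Policy` is an assumption the thread does not confirm.

```javascript
// Simplified model of the browser's Cross-Origin-Resource-Policy (CORP) check.
// Simplifications: only COEP "require-corp" is modelled, and "same-site" is
// approximated by the last two host labels (no Public Suffix List lookup).
function header(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? null : String(headers[key]).trim();
}

function site(url) {
  return url.protocol + '//' + url.hostname.split('.').slice(-2).join('.');
}

// documentHeaders: response headers of the HTML page that embeds the tile (your server).
// resourceHeaders: response headers of the embedded resource (the tile server).
function corpCheck({ documentUrl, documentHeaders, resourceUrl, resourceHeaders, mode = 'no-cors' }) {
  if (mode !== 'no-cors') {
    return { blocked: false, reason: 'CORP applies to no-cors requests only; CORS decides here' };
  }
  const doc = new URL(documentUrl);
  const res = new URL(resourceUrl);
  const coep = (header(documentHeaders, 'Cross-Origin-Embedder-Policy') || '').split(';')[0].trim();
  let policy = header(resourceHeaders, 'Cross-Origin-Resource-Policy');
  if (!['same-origin', 'same-site', 'cross-origin'].includes(policy)) policy = null;
  let defaulted = false;
  if (policy === null && coep === 'require-corp') {
    policy = 'same-origin'; // a missing CORP header is treated as same-origin under require-corp
    defaulted = true;
  }
  if (policy === null || policy === 'cross-origin') {
    return { blocked: false, reason: 'resource policy permits cross-origin embedding' };
  }
  if (doc.origin === res.origin) return { blocked: false, reason: 'same origin' };
  if (policy === 'same-site' && site(doc) === site(res)) return { blocked: false, reason: 'same site' };
  return {
    blocked: true,
    reason: defaulted
      ? 'embedding page sends COEP require-corp and the resource has no CORP header'
      : 'resource sends CORP ' + policy,
  };
}

// Constructed sample: the headers tried in this thread sit on the embedding
// server's responses, while the tile response carries no CORP header.
const sample = corpCheck({
  documentUrl: 'https://cloud.example/apps/maps/',
  documentHeaders: { 'Cross-Origin-Embedder-Policy': 'require-corp', 'Cross-Origin-Resource-Policy': 'cross-origin' },
  resourceUrl: 'https://b.tile.openstreetmap.org/3/4/3.png',
  resourceHeaders: {},
});
console.log(sample);
```

To use it on a real setup, copy the response headers of the Nextcloud page and of one tile request from the browser's Network tab into the two header objects.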