Nextcloud version (eg, 20.0.5): 21.0.0
Operating system and version (eg, Ubuntu 20.04): UnRAID 6.9.1
Apache or nginx version (eg, Apache 2.4.25): Nginx 1.18.0
PHP version (eg, 7.4): 7.4.16
The issue you are facing:
I have set up an Nginx reverse proxy to use Oauth (via Oauth2-Proxy) to authenticate access to specific subdomains. I use Nextcloud as Oauth provider.
The redirect in Chromium-based browsers isn’t working correctly (Firefox works fine).
Is this a thing I can fix on my end?
Nextcloud is set up on: nextcloud.domain.com
The Oauth proxy on: oauth.domain.com
The protected WebUI on: portainer.domain.com
Is this the first time you’ve seen this error? (Y/N): Y
Steps to replicate it:
- Set up an Oauth2-Proxy that uses Nextcloud as the Oauth2 provider (e.g. Oauth2-Proxy or Vouch-Proxy, tested both)
- Put that Oauth2 proxy on its own subdomain (e.g. oauth.domain.com) behind a reverse proxy
- Set up a different service behind the reverse proxy (e.g. the Portainer webUI) that requires authentication via Oauth. Authentication setup via the reverse proxy.
- Try to access the protected subdomain by logging in via Nextcloud
- The redirect after granting access will fail due to the Content-Security-Policy “form-action” not taking other subdomains into account (only the redirect URI set for that Oauth client)

```
Refused to send form data to 'https://portainer.domain.com/' because it violates the following Content Security Policy directive: "form-action 'self' https://oauth.domain.com/oauth2/callback".
```

The https://oauth.domain.com/oauth2/callback represents the exact Redirection URI set in the Oauth settings in Nextcloud. If I change that URI to https://portainer.domain.com/ instead, I get the same issue but reversed (it then can’t access https://oauth.domain.com/).
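The failure reported above can be reproduced offline with the following added example (not part of the original post and not Nextcloud or browser code). It evaluates each hop of a post-login redirect chain against the `form-action` source list. It assumes every redirect hop is checked, as the quoted Chromium error indicates, and it matches sources at host level only, ignoring paths. The function names, the consent-page path, the `code` value and the `default-src` directive are constructed for illustration.

```javascript
// Simplified CSP form-action check over a redirect chain (host-level matching only).
const DEFAULT_PORT = { "https:": "443", "http:": "80" };

// Return the form-action source list, or null when the directive is absent.
function formActionSources(csp) {
  for (const directive of csp.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "form-action") return sources;
  }
  return null;
}

// Does one source expression allow the target URL? `self` is the page that set the policy.
function sourceAllows(source, target, self) {
  if (source === "'self'") return target.origin === self.origin;
  if (source === "*") return true;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return target.protocol === source.toLowerCase();
  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?/i);
  if (!m) return false;
  const [, scheme, host, port] = m;
  const wantScheme = scheme ? scheme.toLowerCase() + ":" : self.protocol;
  if (target.protocol !== wantScheme) return false;
  const actualPort = target.port || DEFAULT_PORT[target.protocol] || "";
  if (port !== "*" && actualPort !== (port || DEFAULT_PORT[wantScheme] || "")) return false;
  const h = host.toLowerCase();
  return h.startsWith("*.") ? target.hostname.endsWith(h.slice(1)) : target.hostname === h;
}

// Return the first hop the policy refuses, or null if the whole chain passes.
function firstBlockedHop(csp, pageUrl, chain) {
  const sources = formActionSources(csp);
  if (sources === null) return null; // no form-action directive: nothing is restricted
  const self = new URL(pageUrl);
  for (const hop of chain) {
    if (!sources.some((s) => sourceAllows(s, new URL(hop), self))) return hop;
  }
  return null;
}

// Constructed sample: hostnames and form-action value from the post, the rest invented.
const CSP = "default-src 'none'; form-action 'self' https://oauth.domain.com/oauth2/callback";
const PAGE = "https://nextcloud.domain.com/consent";
const CHAIN = [
  "https://nextcloud.domain.com/consent",                        // form POST to 'self'
  "https://oauth.domain.com/oauth2/callback?code=CONSTRUCTED",   // registered redirect URI
  "https://portainer.domain.com/",                               // proxy sends the user back
];
console.log("blocked hop:", firstBlockedHop(CSP, PAGE, CHAIN));
```

Swapping the registered redirect URI for `https://portainer.domain.com/` moves the refusal to the `oauth.domain.com` hop, which is the reversed behaviour described in the post.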