Nextcloud version (eg, 20.0.5):
Operating system and version (eg, Ubuntu 20.04):
Apache or nginx version (eg, Apache 2.4.25):
PHP version (eg, 7.4):
The issue you are facing:
I have set up an Nginx reverse proxy to use OAuth (via Oauth2-Proxy) to authenticate access to specific subdomains. I use Nextcloud as the OAuth provider.
The redirect in Chromium-based browsers isn’t working correctly (Firefox works fine).
Is this a thing I can fix on my end?
Nextcloud is set up on:
The OAuth proxy on:
The protected WebUI on:
Is this the first time you’ve seen this error? (Y/N): Y
Steps to replicate it:
- Set up an OAuth2 proxy that uses Nextcloud as the OAuth2 provider (e.g. Oauth2-Proxy or Vouch-Proxy, tested both)
- Put that OAuth2 proxy on its own subdomain (e.g. oauth.domain.com) behind a reverse proxy
- Set up a different service behind the reverse proxy (e.g. the Portainer webUI) that requires authentication via OAuth. Authentication is set up via the reverse proxy.
- Try to access the protected subdomain by logging in via Nextcloud
- The redirect after granting access will fail due to the Content-Security-Policy “form-action” not taking other subdomains into account (only the redirect URI set for that OAuth client)
Refused to send form data to 'https://portainer.domain.com/' because it violates the following Content Security Policy directive: "form-action 'self' https://oauth.domain.com/oauth2/callback".
https://oauth.domain.com/oauth2/callback represents the exact Redirection URI set in the OAuth settings in Nextcloud. If I change that URI to https://portainer.domain.com/ instead, I get the same issue but reversed (It then can’t access
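
The failure in the quoted Chromium error can be reproduced offline. This is an added example, not part of the original post and not Nextcloud's or the proxy's code. It is a simplified model of CSP3 source matching that assumes `form-action` is applied to every redirect hop after the form submission, as the error above indicates. The Nextcloud host, the paths and all function names are constructed placeholders.

```javascript
// Added example: simplified CSP3 form-action matching over a redirect chain.
const DEFAULT_PORTS = { "https:": "443", "http:": "80" };
const portOf = (u) => u.port || DEFAULT_PORTS[u.protocol] || "";

// Return the form-action source list from a CSP header value, or null if absent.
function formActionSources(csp) {
  for (const directive of csp.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "form-action") return sources;
  }
  return null;
}
// Does one source expression allow `target`? On redirected hops the path part
// of a source is ignored (CSP3), so only scheme, host and port are compared.
function sourceAllows(source, target, self, redirected) {
  if (source === "'none'") return false;
  if (source === "'self'") return target.origin === self.origin;
  if (source === "*") return true; // simplification: any scheme accepted
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return source.toLowerCase() === target.protocol;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:]+)(?::(\d+|\*))?(\/.*)?$/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port, path] = m;
  if ((scheme ? scheme.toLowerCase() + ":" : self.protocol) !== target.protocol) return false;
  const h = host.toLowerCase();
  if (wildcard ? !target.hostname.endsWith("." + h) : target.hostname !== h) return false;
  if (port !== "*" && portOf(target) !== (port || DEFAULT_PORTS[target.protocol])) return false;
  if (!path || redirected) return true;
  return path.endsWith("/") ? target.pathname.startsWith(path) : target.pathname === path;
}
// Evaluate every hop a form submission passes through; hop 0 is the form's action URL.
function checkRedirectChain(csp, selfUrl, hops) {
  const self = new URL(selfUrl);
  const sources = formActionSources(csp);
  return hops.map((hop, i) => {
    const target = new URL(hop);
    const allowed = sources === null || sources.some((s) => sourceAllows(s, target, self, i > 0));
    return { hop, allowed };
  });
}
const firstBlocked = (results) => results.find((r) => !r.allowed)?.hop ?? null;

// Policy text is taken from the error on the page; the Nextcloud host and paths are constructed.
const CSP = "form-action 'self' https://oauth.domain.com/oauth2/callback";
const SELF = "https://nextcloud-placeholder.domain.com/constructed-grant-page";
const HOPS = [
  "https://nextcloud-placeholder.domain.com/constructed-grant-submit",
  "https://oauth.domain.com/oauth2/callback?code=CONSTRUCTED&state=CONSTRUCTED",
  "https://portainer.domain.com/",
];
console.log(checkRedirectChain(CSP, SELF, HOPS));
```

Feeding it the `Content-Security-Policy` header from the consent page and the `Location` chain seen in the browser's network tab shows which hop the policy rejects.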