Share links for audio files use HTTP, giving CSP error

Hi, I’m wondering if I have a configuration issue or if I have found a bug here.

When visiting a shareable link for an audio file, the file will not play. Instead, you get a content security policy error. See here: Note the CSP error in the browser console because the source of the file is over HTTP, not HTTPS.

This does not happen with video files, like here: The video source is over HTTPS, and the video plays.

That is on a brand new Nextcloud install using the docker-compose file found here: I didn’t make any other configuration changes.

At first I thought this could be fixed by changing a base URL somewhere, but the fact that it’s only with <audio> tags, and not <video> ones, makes me think that those are getting their src URLs from different places, and that it’s a bug with embedding audio.

Nextcloud version: 18.0.3
Ubuntu version: 18.04
Nginx version (web container): 1.17.9
Nginx version (proxy container): 1.17.6

I’m not sure why the file type would matter, but there’s an option called overwriteprotocol that can force it to use HTTPS. You might try setting that.

That did it. Thank you!

1 Like