Solved: Nextcloud unable to load CSS, login page shows '{productName}'

ℹ️ Support
, , , , ,
1
Support intro

Sorry to hear you’re facing problems. :slightly_frowning_face:

The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

The Basics

  • Nextcloud Server version (e.g., 29.x.x):

    • Nextcloud Hub 10 (31.0.9)

    • Operating system and version (e.g., Ubuntu 24.04):

    • AlmaLinux 8.10

  • Web server and version (e.g, Apache 2.4.25):
    • 2.4.37
  • PHP version (e.g, 8.3):
    • 8.2
  • Is this the first time you’ve seen this error? (Yes / No):
    • yes
  • When did this problem seem to first start?
    • After implementing Content-Security-Policy
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • Archive
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • No

Summary of the issue you are facing:

The frontpage shows “Inloggen bij {productName}” (dutch), and after logging in, the interface is not showing up correctly (eg. CSS not loading).

Steps to replicate it (hint: details matter!):

  1. In Apache, configure the following CSP header:
    Header always set Content-Security-Policy “default-src ‘self’; script-src ‘self’; object-src ‘none’; frame-ancestors ‘none’; base-uri ‘self’; form-action ‘self’; style-src ‘self’;”

Log entries

Web server (apache)

127.0.0.1 - - [14/Sep/2025:13:12:58 +0200] “GET /css/RichWorkspace-Dn8GlGXa.chunk.css HTTP/1.1” 404 - “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.6 Safari/605.1.15”

(many more of these 404s for css files)

Solution

Allow ‘unsafe-inline’ for script-src and style-src:

Header always set Content-Security-Policy “default-src ‘self’; script-src ‘self’ ‘unsafe-inline’; object-src ‘none’; frame-ancestors ‘none’; base-uri ‘self’; form-action ‘self’; style-src ‘self’ ‘unsafe-inline’;”

Hope this helps anyone running into the same issue :slight_smile:

2

Hello @frankt, welcome to the Nextcloud community! :handshake:

I’m glad to see you solved the problem. just a general advice - Nextcloud is designed to handle CSP itself so you should not mangle with CSP yourself. look at csp topics.

3

Hi WWE,

Thanks, I will look into that topic. Reason I ran into this, as I had set the CSP globally in Apache, not just the Nextcloud vhost.

Good to know Nextcloud is designed to handle CSP.

4

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.