Stuck again on login screen - Content Security Policy violation

I’m trying to use Nextcloud 23.0.0 using the official Docker image. I re-installed NC on Friday and was able to successfully log in until yesterday (Sunday) evening. Posting in the Installation category, as it seems that I’m doing something wrong at the installation; Nextcloud doesn’t work in a stable way after installation.

When I now try to log in, I seem to be stuck on the login screen. The browser console shows the following issue:

Refused to send form data to 'https://nc.5y5.one/login' because it violates the following Content Security Policy directive: "form-action 'self' https://nc.5y5.one".

Between yesterday evening and now, I haven’t changed anything at all (was sleeping :wink: ). I’m having the issue with numerous browsers, so it’s also not related to my browser.

On https://gf.dev/csp-test I’m seeing the following Content-Security-Policy header:

default-src 'none';
base-uri 'none';
manifest-src 'self';
script-src 'nonce-bnprdU1xc1JTQXpHaXpvZS9SMUhnME9KWFZsSlNHbEcra1p1R2JyaUdSYz06cmxWWFh2MGlCMytmODNoUGgxb2Y5RFA4RjJzbEVUQWNtUW9qVm9PeWJIOD0=' blob:;
style-src 'self' 'unsafe-inline';
img-src 'self' data: blob: https://*.tile.openstreetmap.org;
font-src 'self' data:;
connect-src 'self' blob: stun.nextcloud.com:443;
media-src 'self' blob:;
frame-src 'self' https://nc.5y5.one;
child-src blob: 'self';
frame-ancestors 'self';
worker-src 'self' blob:;
form-action 'self' https://nc.5y5.one

According to the error message in the browser console, the issue is with the “form-action” part of the content-security-policy header: form-action 'self' https://nc.5y5.one.

If the login is on https://nc.5y5.one/ (or https://nc.5y5.one/login), what would be the correct value? form-action 'self' https://nc.5y5.one is the default.
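
As an added example (not code from this thread or from Nextcloud), the sketch below evaluates a form target against the form-action directive quoted in the question, using a simplified subset of CSP source matching. It shows that the quoted value permits a same-origin HTTPS POST to /login, while an http:// target or a different port does not match; the function names and candidate URLs are constructed for illustration.

```javascript
// Added example: simplified CSP source matching for form-action.
// Handles 'self', 'none', scheme-only, scheme://host[:port] and bare host[:port];
// wildcards and path parts are not implemented.
const FORM_ACTION = "form-action 'self' https://nc.5y5.one"; // value from the thread
const DEFAULT_PORT = { 'http:': '80', 'https:': '443' };

function parseDirective(policy, name) {
  // Return the source list of one directive, or null if it is absent.
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null;
}

function schemeMatches(source, target) {
  // An http: source also matches an https: URL (upgrade), never the reverse.
  return source === target || (source === 'http:' && target === 'https:');
}

function portMatches(ref, target) {
  // URL normalises default ports to '', so '' means "default for its scheme".
  if (ref.port === '') return target.port === '';
  return ref.port === (target.port || DEFAULT_PORT[target.protocol]);
}

function sourceMatches(source, target, page) {
  if (source.startsWith("'") && source !== "'self'") return false; // 'none', nonces
  let ref;
  if (source === "'self'") ref = page;
  else if (source.includes('://')) ref = new URL(source);
  else if (source.endsWith(':')) return schemeMatches(source, target.protocol);
  else ref = new URL(`${page.protocol}//${source}`); // bare host uses the page scheme
  return schemeMatches(ref.protocol, target.protocol) &&
    ref.hostname === target.hostname && portMatches(ref, target);
}

function formActionAllows(policy, pageUrl, targetUrl) {
  const sources = parseDirective(policy, 'form-action');
  if (sources === null) return true; // form-action has no default-src fallback
  const page = new URL(pageUrl);
  const target = new URL(targetUrl, page); // resolves relative form actions
  return sources.some((s) => sourceMatches(s, target, page));
}

// Constructed candidates, checked against the directive quoted in the thread.
for (const t of ['/login', 'http://nc.5y5.one/login', 'https://nc.5y5.one:8443/login']) {
  console.log(t, formActionAllows(FORM_ACTION, 'https://nc.5y5.one/login', t));
}
```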

cd lib/public/AppFramework/Http/
cp  ContentSecurityPolicy.php ContentSecurityPolicy.php.bak
vim ContentSecurityPolicy.php

Edit this line:

protected $allowedFormActionDomains = [
    '\'self\'',
    'cloud.domain.com',
];

This solved my policy issue.


I encountered the same error, but after I set the correct ‘overwrite.cli.url’, everything seems fine.

Thanks very much!!