Update from nextcloud 15.0.0 beta 2. to Nextcloud 15.0.0 RC 1 doesn't work with webupdater

hello,

I just try to update NC 15 beta 2 to NC 15 rc1 using the web updater (like i do usualy and it still work fine until today).
But here when i click on “Start Update”… nothing appens…it never begin…
nc_update

If anyone can tell me what to do or where i can look to solve this … it should be great :slight_smile:

The updater is broken in this version, I think you can fix it by changing a small bit of code regarding the CSP policy. Look at your browser console and post the errors here.
Alternatively, you can also upgrade manually: https://docs.nextcloud.com/server/14/admin_manual/maintenance/manual_upgrade.html

here is the output of my browser console

"Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".


    at HTMLScriptElement. (root.vue:269)
    at Function.each (core.js?v=ec50261f-23:2)
    at a.fn.init.each (core.js?v=ec50261f-23:2)
    at Object.success (root.vue:268)
    at j (core.js?v=ec50261f-23:2)
    at Object.fireWith [as resolveWith] (core.js?v=ec50261f-23:2)
    at x (core.js?v=ec50261f-23:4)
    at XMLHttpRequest. (core.js?v=ec50261f-23:4)"
1 Like

There are some files where script-src is set to ‘self’. You have to find these lines and change it to ‘unsafe-eval’

I don’t know which files you have to change though. There is “ContentSecurityPolicyManagerTest.php” in ⁨tests⁩ ▸ ⁨lib⁩ ▸ ⁨Security⁩ ▸ ⁨CSP⁩. Try if it works or search for other files and amend them. Report back please if it worked.

We found this as well and we fixed this in 15.0.0 RC 2. So until then you need to use the CLI based updater.phar inside /path/to/nextcloud/updater to update. Once you are at 15.0.0 RC 2 the web based updater works again.