Over the past week we have seen a huge slow-down and can’t see what is causing it. Originally it was on NC v21 and slowed down, so some users were seeing 50+ seconds to get to the password list.
Today I upgraded to NC v23 and after a restart of the container set it performed well to begin with. Then it got gradually slower. If I look in dev tools on Chrome I can see the call to /apps/passwords/api/1.0/session/open taking 26s and a further 26s to /apps/passwords/api/1.0/folder/show
Nextcloud version (eg, 20.0.5): Nextcloud Hub II (23.0.5)
Operating system and version (eg, Ubuntu 20.04): Debian (buster) 4.19.0-10-amd64 x86_64
Apache or nginx version (eg, Apache 2.4.25): 1.21.1
PHP version (eg, 7.4): 8.0.20
The issue you are facing:
Is this the first time you’ve seen this error? Yes:
Steps to replicate it:
Just use Nextcloud.
This is strange. Whilst gathering this information, the system is performing normally??? This is how end users feel when they ask me a question
I think it’s best I close this an revisit after monitoring it some more.
Don´t blame the user first shot. Take a look at the DevTools in Chromium. Seems something in NextCloud uses a depricated jQuery function:
jQuery is deprecated: The global jQuery is deprecated. It will be removed in a later versions without another warning. Please ship your own.
Seems to have something to do with fonts:
"Refused to load the font 'https://fonts.gstatic.com/s/mulish/v11/1Ptvg83HX_SGhgqk3wot.woff2' because it violates the following Content Security Policy directive: "font-src 'self' data:"."
Rest of Nextcloud apps runs smooth and fast, except Passwords … just saying
I’ll put together a proper support form, but this isn’t a nextcloud issue. Many of the other features are fine, group folders, deck etc. It’s just passwords that seem very laggy.
If that happens again, check the bruteforce table of Nextcloud. If the NC bruteforce protection has been triggered, all requests to the passwords api will be slowed down.
If you Nc can’t differentiate between individual users (e.g. when all requests come from a proxy and NC isn’t configured to trust the forwarded ip header), any client with invalid credentials can trigger the bruteforce protection for all users.
Refused to load the font 'https://fonts.gstatic.com/s/ibmplexsans/v8/zYXgKVElMYYaJe8bpLHnCwDKhdHeFaxOedc.woff2' because it violates the following Content Security Policy directive: "font-src 'self' data:".
NcMultiselect.js:2 Refused to load the font 'https://fonts.gstatic.com/s/ibmplexsans/v8/zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdP3pBms.woff2' because it violates the following Content Security Policy directive: "font-src 'self' data:".
NC writes its own CSP now. That could conflict with CSP that is added to apache or nginx.
Latest stable 25.0.2 has this error also:
And there are still very much script warnings.
“$ is deprecated: The global jQuery is deprecated. It will be removed in a later versions without another warning. Please ship your own.”
The passwords app does not load fonts from google. It also doesn’t add openstreetmap to the CSP.
If you’re experiencing slowdowns while using the maps app, take a look at these tickets: