Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSP issues nextcloud + ownpad + etherpad-lite #10033

Closed
Webrow opened this issue Jun 27, 2018 · 3 comments
Closed

CSP issues nextcloud + ownpad + etherpad-lite #10033

Webrow opened this issue Jun 27, 2018 · 3 comments

Comments

@Webrow
Copy link

Webrow commented Jun 27, 2018

Steps to reproduce

  1. Install Nextclkoud 13.0.2 on Rpi
  2. Install etherpad-lite from the git
  3. install ownpad in nextcloud
    4 . open a pad / calc

Expected behaviour

Frame should load the pad or the calc

Actual behaviour

No frame is being loaded

Server configuration

Operating system:
Raspbian

Web server:
Nginx

Database:
mysql

PHP version:

Nextcloud version: (see Nextcloud admin page)
13.0.2

Updated from an older Nextcloud/ownCloud or fresh install:
fresh install

Where did you install Nextcloud from:

Signing status:

Signing status 
Login as admin user into your Nextcloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.

List of activated apps:

App list 
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder

Nextcloud configuration:

Config report 
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

or 

Insert your config.php content here. 
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption: yes

Are you using an external user-backend, if yes which one:

LDAP configuration (delete this part if not used)

LDAP config 
With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your Nextcloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser:

Operating system:

Logs

Web server error log

Web server error log 
Insert your webserver log here

Nextcloud log (data/nextcloud.log)

Nextcloud log 
Insert your Nextcloud log here

Browser log

Browser log Shutting down notifications: [0] error merged.js:283:5 Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to control workers, or directive ‘frame-src’ to control frames respectively. Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: ;!function(){var t,e,n,o=0,u=function(t,.... files:1 JQMIGRATE: Migrate is installed, version 1.4.0 core.js:7:542 window.controllers/Controllers is deprecated. Do not use it for UA detection. merged.js:2171 Source map error: SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data Resource URL: https://nextcloud.merwedeassociatie.syncloud.it/core/vendor/core.js?v=1b606016-0 Source Map URL: purify.min.js.map[Learn More] Source map error: SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data Resource URL: https://nextcloud.merwedeassociatie.syncloud.it/core/vendor/core.js?v=1b606016-0 Source Map URL: purify.min.js.map[Learn More] Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to control workers, or directive ‘frame-src’ to control frames respectively. Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: ;!function(){var t,e,n,o=0,u=function(t,.... ownpad:1 Content Security Policy: The page’s settings blocked the loading of a resource at https://nextcloud.merwedeassociatie.syncloud.it/p/gjSGEFShHfg6eaQK (“frame-src”).
@nextcloud-bot
Copy link
Member

GitMate.io thinks possibly related issues are #8330 (Nextcloud Documentation Issue), #3720 (Issues with External Nextcloud Storage), #6718 (Nextcloud 12 Upgrade and Collation Issues), #5901 (Migration from ownCloud to Nextcloud 13+), and #7248 (migrating issue with calendar form owncloud to nextcloud).

@rullzer
Copy link
Member

rullzer commented Jun 28, 2018

This is something the app should probably fix by setting a less strict CSP for some of their pages.

@MorrisJobke
Copy link
Member

Please report it to the maintainer of ownpad: https://github.com/otetard/ownpad

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rullzer @MorrisJobke @Webrow @nextcloud-bot