Error in Collabora Code: Content Security Policy (“frame-src”)

muhammadhanif · August 6, 2018, 2:02pm

I installed collabora code on docker and integrated it to my owncloud. My docker host is behind the firewall (iptables DNAT). When I try to open a document, I got error in my browser:

Content Security Policy: The page’s settings blocked the loading of a resource at http://my-domain.com/index.php/apps/richdocuments/WOPISrc=http%3A%2F%2Fmy-domain.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F2404_ocbi5fufi26w&title=New%20Document.docx&lang=en&closebutton=1&revisionhistory=1&permission=readonly (“frame-src”).

Could you give me a direction to solve the problem?

Thank You.

muhammadhanif · August 8, 2018, 2:18am

Now error CSP does not occur again after I added header configuration in my apache2. But, I find error when try to open a document:

Not Found

The requested URL /index.php/apps/richdocuments/WOPISrc=http://my-domain.com/index.php/apps/richdocuments/wopi/files/2404_ocbi5fufi26w&title=New Document.docx&lang=en&closebutton=1&revisionhistory=1&permission=readonly was not found on this server.

muhammadhanif · August 10, 2018, 1:27am

I just solved the problem (Content Security Policy: frame-src) by adding this to the owncloud virtualhost:

Header set Content-Security-Policy: "frame-ancestors http://my-owncloud.id http://my-collabora.id:9980 "
Header set Content-Security-Policy: "frame-src http://my-owncloud.id http://my-collabora.id:9980 blob:;"

theScrabi · February 4, 2019, 8:42pm

I stumbled across the same issue with nginx. This should be added to the documentation. Either on owncloud/nextcloud side or on collabora. This is extremely annoying.

tom42 · February 6, 2019, 7:09pm

Hey,

if there are any changes required to some documentation then i think it could make sense to report this to the app developer of the collabora app at https://github.com/owncloud/richdocuments/issues