Skip to content

Fix Nextcloud login form Content Security Policy issue

I get the following error when my Nextcloud instance is hosted on a FreeNAS machine and it’s behind Nginx reverse proxy.

Refused to send form data to ‘http://cloud.example.com/’ because it violates the following Content Security Policy directive: “form-action ‘self’ cloud.example.com”.

It’s because the host is enabled with HTTPS, but the Nextcloud instance is running as HTTP behind the reverse proxy, thus Nextcloud itself doesn’t know it should run as HTTPS.

Solution

We can add the following line into config/config.php:

  'overwriteprotocol' => 'https',

Basically, it tells Nextcloud to run the instance as HTTPS. It perfectly resolved the problem, instead of struggling with the Nginx Content Security Policy directive.

My setup info

FreeNAS version: FreeNAS-11.3-U1
Nextcloud version: 21.0.2

Nextcloud directory path in FreeNAS jail: /usr/local/www/nextcloud

Reference

  • https://github.com/nextcloud/server/issues/17409#issuecomment-538684976
  • https://content-security-policy.com/
Published inMedia Server

Be First to Comment

Leave a Reply

Your email address will not be published.