Can't include a nextcloud calendar as custom widget

[derhagen]

Steps to reproduce:

• Create new room
• Add new custom widget
  • Use a shared nextcloud calendar, e.g.: https://nextcloud.derhagen.eu/apps/calendar/embed/ZrPTXkGFW6iKn8Hd
• The widget does not load

The console presents the following error message: The resource from “https://scalar.vector.im/api/widgets/generic-*****.bundle.js” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).

I'm using Firefox 111.0.1, but the same behaviour occurs in a current Flatpak version of element-web

[Half-Shot]

I think that error is a red herring, broadly looking at the logs I can see a bunch of CSP errors which are probably due to the hosted nextcloud instance not allowing itself to be embedded.

[derhagen]

right, the nextcloud delivers a x-frame-options: SAMEORIGIN header, I guess that's the cause. Thank you for helping me debug this :)