Closed Webrow closed 10 months ago
Same here, on a debian VM. The link to the pad is shown when pointing on the title bar, so the pad is still available.
Im here to provide some additional info since Jaxom99 pinged me yesterday. It still is a CSP error but I fixed it eventually. I used nginx to rewrite the headers. Eventually I setup a host on the domain itself (etherpad.domain.tld / ethercalc.domain.tld) Since the domain is whitelisted by default this solved my issue. The error in the console is misleading it prints the current domain since it is loaded in a frame. The issue originates in that the host for etherpad/ethercalc is NOT whitelisted, but due to the url-rewrite it looks like you are loading an internal source which fails. (the failure comes from https://beta.etherpad.org/thisisyourpad for example) I hope this might help you out @Jaxom99
Okay, thanks for the details 👍 I will try to implement that in my case, and report back here.
I also got same problem. In my case, I configured dedicated etherpad-lite host on the same hostname as nextcloud host, with diffrent path by using reverse proxy (like https://service.example.org/nextcloud for nextcloud and https://service.example.org/etherpad for etherpad-lite). I set Etherpad Host to "https://service.example.org/etherpad" and frame-src content had blocked by content security policy.
I don't know how ContentSecurityPolicy::addAllowedFrameDomain() works, but it seems that it doesn't accept full URL with path spec for its argument. With patch below, I could solve my problem.
--- lib/Controller/DisplayController.php.orig 2019-05-26 01:59:40.000000000 +0900
+++ lib/Controller/DisplayController.php 2019-05-29 11:17:02.202546000 +0900
@@ -175,7 +175,12 @@ class DisplayController extends Controller {
$policy = new ContentSecurityPolicy();
if($this->config->getAppValue('ownpad', 'ownpad_etherpad_enable', 'no') !== 'no') {
- $policy->addAllowedFrameDomain($this->config->getAppValue('ownpad', 'ownpad_etherpad_host', ''));
+ # dirty hack for our host
+ $eplHost = $this->config->getAppValue('ownpad', 'ownpad_etherpad_host', '');
+ if (preg_match("#^(?<host>(https?://)?[A-Za-z0-9.-]+)(:[0-9]+)?((/|%2[Ff]).*)?$#", $eplHost, $match)) {
+ $eplHost = $match['host'];
+ }
+ $policy->addAllowedFrameDomain($eplHost);
$policy->addAllowedChildSrcDomain($this->config->getAppValue('ownpad', 'ownpad_etherpad_host', ''));
}
I also think more deeper path for Etherpad Host can cause another problem, but it may be another issue.
I also think more deeper path for Etherpad Host can cause another problem, but it may be another issue.
This was my confusion. Please ignore this part.
I’m closing this issue since this is a very old one. Please open a new issue if you still encounter this issue with the latest version of Ownpad!
Setup a Rpi with nextcloud. Installed etherpad-lite on the raspberry, Setup the server, Installed ownpad, Assosciation of the files in nextcloud are fine, but when opening a pad / calc I see nothing in the frame. Console prints out a CSP error, http://puu.sh/AN6u4/1535504ccd.png Nextcloud 13.0.2 is used.