Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nextcloud Office: Cross-Origin-Opener-Policy breaks other nextcloud apps #4103

Open
droogi opened this issue Oct 8, 2024 · 3 comments · May be fixed by #4207
Open

Nextcloud Office: Cross-Origin-Opener-Policy breaks other nextcloud apps #4103

droogi opened this issue Oct 8, 2024 · 3 comments · May be fixed by #4207

Comments

@droogi
Copy link

droogi commented Oct 8, 2024
edited
Loading

Describe the bug
enabling Nextcloud Office breaks other nextcloud apps

To Reproduce
Steps to reproduce the behavior:

  1. Enable Nextcloud Office 8.5.1
  2. Click on maps or memories
  3. maps: tiles are not loaded, memories: preview is not displayed, pictures are not loaded

Expected behavior
Other nextcloud apps should work

Screenshots

  • e.g no preview in memories Image

  • e.g no tiles in maps

Image

Client details:

  • OS: windows 11, android, android memories app
  • Firefox 131, Edge 129
  • Device: desktop, android, nextcloud apps

Server details

Operating system: dietpi 9.7

Web server: nginx 1.22.1

Database: MariaDB

PHP version: PHP 8.2.24

Nextcloud version: 29 & 30

Version of the richdocuments app: Nextcloud Office 8.5.1

Browser log

mistakes:

    The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '://'. It will be ignored.

    c.tile.openstreetmap.org/11/1086/692.png:1

        GET https://c.tile.openstreetmap.org/11/1086/692.png net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep 200 (OK)

Hit F12 to open developer tools, switch to Network tab, reload page with F5. At the top of the request list, select maps/, then select "Headers" tab in the newly opened frame.

Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener Policy: same-origin

Discovery and possible root cause

discovery
possible root cause with explanation by MichaIng
same? failure was mentioned [here] (#3260)
@droogi
Copy link
Author

droogi commented Oct 27, 2024

@juliusknorr could you please have a look at this issue?

@MrRinkana MrRinkana mentioned this issue Nov 2, 2024
Open
tcitworld added a commit that referenced this issue Nov 7, 2024
@tcitworld
fix(headers): only add Cross-Origin-Opener-Policy and Cross-Origin-Em…
6c8edfa 
…bedder-Policy on richdocuments

Otherwise it's being added to absolutely all requests, creating issues in other apps

Closes #4103

Signed-off-by: Thomas Citharel <[email protected]>
@tcitworld tcitworld linked a pull request Nov 7, 2024 that will close this issue
Open
3 tasks
@kstorbakken
Copy link

Any update on this issue? It's preventing me from updating past NC 28. I thought there was something wrong with my install but I was able to confirm I'm experiencing this problem.

@dinosmm
Copy link

dinosmm commented Dec 10, 2024

I have an issue where Memories works fine except for public share links for albums.

When an album is viewed via a public share link (by unregistered/not-logged-in users), the thumbnail previews don't show. A placeholder is shown instead. When a thumbnail is clicked, a bigger placeholder shows. When the bigger placeholder is clicked, the image loads correctly.

This only happens on public share links. The same album shows fine, previews and all, from within the Memories app, as does every other picture.

This problem ONLY happens if the Nextcloud Office app is enabled. If I disable Office, and immediately refresh a logged-out tab showing a public-link album, the thumbnails show up straight away. If I then re-enable the Office app, and again immediately refresh the public link album tab, the thumbnails don't load.

The browser console shows 500 errors when trying to access the thumbnails.

This suggests the Office app is doing something to interfere with how Memories handles public link thumbnails and images. I applied the fix referenced here by @tcitworld but it didn't help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@droogi @dinosmm @kstorbakken