
Question: How to set Content Security Policy

Zoo3

Regular Pleskian
I'm trying to open Mattermost on Nextcloud (use external site app).
I have been blocked there by the Content Security Policy (CSP).

I wrote the following on Nextcloud nginx.

Code:
add_header Content-Security-Policy "frame-src MATTERMOST-URL";
add_header X-Frame-Options "allow-from https://MATTERMOST-URL";
*When I added default-src to CSP, the behavior of Nextcloud became strange.

But there is no change. So I changed the above "MATTERMOST-URL" to "server IP address". Furthermore, I added the port number of Mattermost. In this case, the error disappeared from the browser and the page became blank. And if I change X-Frame-Options, there is no change at all.

I managed Nextcloud with Plesk, Mattermost outside Plesk. The MariaDB and site settings used by Mattermost were set by Plesk, but nginx is directly added to nginx.conf. When I built Mattermost on Plesk, I struggled with Mattermost's proxy_pass settings. Will I need to think again by specifying a URL? Mattermost could not run without reading the Mattermost nginx prior to the Plesk-generated nginx. (Mattermost's nginx needs to be readable prior to nginx by Plesk.)

I tried to describe the following for Mattermost's nginx.
Code:
add_header Content-Security-Policy "frame-src NEXTCLOUD-URL";
add_header X-Frame-Options "allow-from https://NEXTCLOUD-URL";

Even this will be blocked by CSP.
I no longer know which to set, CSP or X-Frame-Options.

Please tell me how to avoid CSP.

Regards,

---
CentOS 7.6, Nginx 1.14.2, PHP7.3.3, Plesk 17.8.11
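
An added example, not part of the original post and not code from Plesk, Nextcloud or Mattermost: a simplified Python model of how a browser applies the two CSP directives involved in framing (frame-src on the embedding page, frame-ancestors on the embedded page) when a response carries more than one Content-Security-Policy header. The hostnames, the port and the policy strings are constructed placeholders, and source matching is reduced to `*`, `'self'` and exact origins.

```python
from urllib.parse import urlsplit

# Constructed sample values; hosts, port and policies are placeholders.
NEXTCLOUD = "https://cloud.example.test/apps/external/1"
MATTERMOST = "https://chat.example.test:8065/"
APP_POLICY = "default-src 'none'; frame-src 'self'"  # stand-in for an application-set policy
EXTRA = "frame-src https://chat.example.test:8065"    # stand-in for a header added in nginx

def origin(url):  # scheme://host[:port] of a URL or of a CSP host-source
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()

def parse_policy(header):
    """One header value -> {directive: [sources]}; a repeated directive is ignored."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def allows(sources, target_url, self_url):
    """Simplified matching: '*', 'self', or an exact scheme://host[:port]."""
    target, own = origin(target_url), origin(self_url)
    return any(
        s == "*" or (s.lower() == "'self'" and own == target)
        or ("://" in s and origin(s) == target)
        for s in sources)  # 'none' and an empty list match nothing

def parent_may_embed(parent_url, parent_policies, child_url):
    """frame-src (falling back to child-src, then default-src) on the embedding page."""
    for policy in map(parse_policy, parent_policies):
        for name in ("frame-src", "child-src", "default-src"):
            if name in policy:
                if not allows(policy[name], child_url, parent_url):
                    return False  # every policy on the response must allow the frame
                break
    return True

def child_may_be_framed(child_url, child_policies, parent_url):
    """frame-ancestors on the embedded page; it has no default-src fallback."""
    for policy in map(parse_policy, child_policies):
        ancestors = policy.get("frame-ancestors")
        if ancestors is not None and not allows(ancestors, parent_url, child_url):
            return False
    return True

if __name__ == "__main__":
    for policies in ([EXTRA], [APP_POLICY, EXTRA]):
        print(policies, parent_may_embed(NEXTCLOUD, policies, MATTERMOST))
```

A header added with nginx `add_header` is sent in addition to any policy the application already emits, so it can narrow the effective policy but cannot widen it.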