[Bug]: Nextcloud 31 - Install/Enable apps with ajax request to http #51213
Description
⚠️ This issue respects the following points: ⚠️
- This is a bug, not a question or a configuration/webserver/proxy issue.
- This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
- Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
- I agree to follow Nextcloud's Code of Conduct.
Bug description
After updating to nextcloud container 31 in place.
Enable / Install App makes a second Request to "httpS:///apps/files/" which has a location-header in http response to "http:///apps/files/" (without TLS).
That seems to lead to a violate Content-Security-Policy" and shows an in console:
Content-Security-Policy: The page’s settings blocked the loading of a resource (connect-src) at https://<redacted>/apps/files/ because it violates the following directive: “connect-src 'self'”
And a Failure of Enable/Install the Apps in UI.
PS: It looks like the Apps are enabled (just that failure in UI)
Steps to reproduce
- Install nextcloud 31 (with nginx-fpm and postgresql)
- Enable Application
Expected behavior
No error message shown
Nextcloud Server version
31
Operating system
Other
PHP engine version
Other
Web server
Nginx
Database engine version
PostgreSQL
Is this bug present after an update or on a fresh install?
Upgraded to a MAJOR version (ex. 31 to 32)
Are you using the Nextcloud Server Encryption module?
Encryption is Disabled
What user-backends are you using?
- Default user-backend (database)
- LDAP/ Active Directory
- SSO - SAML
- Other
Configuration report
List of activated Apps
Nextcloud Signing status
Nextcloud Logs
Additional info
No response