I keep getting this error with pretty much any button I try clicking.
Firefox:
Content Security Policy: The page’s settings blocked the loading of a
resource at http://xxxxxxx.xxx/admin/profile (“form-action”).
Webkit:
Refused to load http://xxxxxxxxxxx/admin/object because it does not
appear in the form-action directive of the Content Security Policy.
Here's what my reverse proxy set up looks like:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name xxxxxxxxxxxxx;
client_max_body_size 1G;
ssl_certificate /etc/ssl/xxxxxxxxxxx.fullchain.cert;
ssl_certificate_key /etc/ssl/private/xxxxxxxxxxxxxx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000;
includeSubDomains" always;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://192.168.1.7:8000;
}
}
Any idea as to what's going on? (The x's are, of course, my domain name.)
Hey,
It looks like you have
https = false
whereas it should behttps = true
.Let me know if that solves your issue, thanks!
Unfortunately, https = true is indeed set. Here's my entire config:
domain = "xxxxxxxxxxxxx" username = "xxxxxxxxxxxxxxxx" admin_password = "xxxxxxxxxxxxxxxxxxxx" name = "Charadon" summary = "" https = true icon_url = "https://mb.iotib.net/static/nopic.png" secret = "xxxxxxxxxxxxxxxxxxxxxxx"
Can you try
trusted_hosts = ["*"]
indata/profile.toml
?
On 12/10/22 14:26, ~tsileo wrote:
trusted_hosts = ["*"] Well, that fixed it! I wonder if this had to do with the fact I had to change the supervisord config to use 192.168.1.7 instead of 127.0.0.1 to work with my VPN?
The middleware only trust
127.0.0.1
by default.I will add this in the doc in the troubleshooting section.
On 12/10/22 14:35, ~tsileo wrote:
The middleware only trust
127.0.0.1
by default.I will add this in the doc in the troubleshooting section.
Should also mention how to change the default IP from 127.0.0.1 while you're at it ;)
had the same issue,
trusted_hosts = ["*"]
fixed it