Server: refused to load script in chrome.

Created on 12 Feb 2018  Â·  5Comments  Â·  Source: nextcloud/server

Steps to reproduce

  1. open nextcloud with 64.0.3282.140

Actual behaviour

it works well with chrome with my phone,but not work with chrome on my pc.

Server configuration

Operating system:
debian9
Web server:
nginx with cloudflare ssl
Database:
sqlite
PHP version:
php7.0
Nextcloud version: (see Nextcloud admin page)
13.0
Updated from an older Nextcloud/ownCloud or fresh install:
fresh install
Where did you install Nextcloud from:
github release 13.0
Signing status:


Signing status

Login as admin user into your Nextcloud and access
http://example.com/index.php/settings/integrity/failed
paste the results here.

List of activated apps:


App list

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder

Nextcloud configuration:


Config report

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

or

Insert your config.php content here.
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "mywebsite.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/mywebsite.com",
        "dbtype": "sqlite3",
        "version": "13.0.0.14",
        "installed": true
    }
}

Are you using external storage, if yes which one: local/smb/sftp/...
no
Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
no

Client configuration

Browser:
chrome 64.0.3282.140

Operating system:
manjaro

Logs

Browser log


Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
Refused to load the script 'https://mywebsite.com/cdn-cgi/apps/head/PXjTdlvcQ5PyHjz9ggHxURiZX-I.js' because it violates the following Content Security Policy directive: "script-src 'nonce-TFQ5VHduUXhvdlB5dnVadjdJM3lOU0FqVHhPWUxGWG5OdmNGcHNuYTBiVT06Wkc4cHN4WlMySU81MUo4SGxzSExmbWR5STJIZmRneWlBSTkvMGZydWtvMD0=' 'unsafe-eval'".

mywebsite.com/:16 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'nonce-TFQ5VHduUXhvdlB5dnVadjdJM3lOU0FqVHhPWUxGWG5OdmNGcHNuYTBiVT06Wkc4cHN4WlMySU81MUo4SGxzSExmbWR5STJIZmRneWlBSTkvMGZydWtvMD0=' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-XJxdyNCafBOtRXogAM6CFGEDPfYxUi7L+5sTRL0wWo4='), or a nonce ('nonce-...') is required to enable inline execution.

mywebsite.com/:1 Refused to load the script 'https://ajax.cloudflare.com/cdn-cgi/scripts/b7ef205d/cloudflare-static/rocket.min.js' because it violates the following Content Security Policy directive: "script-src 'nonce-TFQ5VHduUXhvdlB5dnVadjdJM3lOU0FqVHhPWUxGWG5OdmNGcHNuYTBiVT06Wkc4cHN4WlMySU81MUo4SGxzSExmbWR5STJIZmRneWlBSTkvMGZydWtvMD0=' 'unsafe-eval'".
b) The network log
c) ...

picture feilongfl

Most helpful comment

as @m0sh1x2 said RocketLoader interfere with Nextcloud but instead of disabling RocketLoader totally you could also make a Page Rules for a specific destination or domain such as

  • yourdomain.tld/nextcloud/*
  • nextcloud.yourdomain.tld/*

which ending with something like my last rule

image

picture JOduMonT on 27 Mar 2019
👍3 🚀11 🎉1

All 5 comments

Refused to load the script 'https://mywebsite.com/cdn-cgi/apps/head/PXjTdlvcQ5PyHjz9ggHxURiZX-I.js

Where does this script comes from? Is this injected by Cloudflare? What apps do you have enabled?

MorrisJobke picture MorrisJobke on 12 Feb 2018

I don't know where that script from.there are my enable apps.

Particles 1.1.3
A Better Browser1.3.1

I search over the internet,found that nextcloud shouldn't use clouldflare,so i only enable dns server in clouldflare,it work well now.

feilongfl picture feilongfl on 14 Feb 2018
👍1

You must disable the RocketLoader in CloudFlare under the Speed Tab and then purge the cache.

After that the issue will be resolved.

m0sh1x2 picture m0sh1x2 on 25 Aug 2018
👍2

as @m0sh1x2 said RocketLoader interfere with Nextcloud but instead of disabling RocketLoader totally you could also make a Page Rules for a specific destination or domain such as

  • yourdomain.tld/nextcloud/*
  • nextcloud.yourdomain.tld/*

which ending with something like my last rule

image

JOduMonT picture JOduMonT on 27 Mar 2019
👍3 🚀11 🎉1

Just chiming in to say that RocketLoader is still an issue for NextCloud.

VR51 picture VR51 on 27 Mar 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

arno01 picture arno01  Â·  3Comments
brylie picture brylie  Â·  3Comments
e-alfred picture e-alfred  Â·  3Comments
Django-BOfH picture Django-BOfH  Â·  3Comments
ghost picture ghost  Â·  3Comments