Spreed: Talk 10.0.4 Stoped working for safari and mobile browsers (Safari/Firefox/Chrome for iOS and Firefox for Android)
Steps to reproduce
- Open safari 14.0.2
- Log into nextcloud
- open talk app & blank screen not show chats or anything.
axheli
All 10 comments
It seems like to be a problem with the content-security-police header:
Refused to load https://<url>/extra-apps/spreed/js/image-blurrer-worker.js because it appears in neither the child-src directive nor the default-src directive of the Content Security Policy.
[Error] SecurityError: The operation is insecure.
(anonyme Funktion) (talk.js:1612:8086)
(anonyme Funktion) (talk.js:1612:8086)
n (talk.js:1:115)
(anonyme Funktion) (talk.js:2806:38737)
n (talk.js:1:115)
(anonyme Funktion) (talk.js:1:908)
Globaler Code (talk.js:1:919)
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-Y3VMa281eHNMc3lmYXJHaWRYejZLQkwyQk82UTJCVG55UFBSdHROUUdQYz06SGJTSXpmRmFCWVdxV3V2UElVaS9mbHkzZEozNnZGT0FnNmFCOHBFeFdydz0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self' stun.nextcloud.com:443 *;media-src 'self' blob:;frame-src 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self'
It works if you delete the CSP response header (for tests, via e.g. your reverse-proxy)
thepill
on 19 Dec 2020
I have the same problem on iOS and macOS. I regret updating so fast. I hope a fix comes soon.
edit: everything was up to date. Just updated Nextcloud talk to 10.0.4.
g-d-d-h
on 19 Dec 2020
I confirm this issue! Updated my first NC instance from 19.0.6 to 20.0.4 and searched an hour because talk does not work with Safari anymore.
Not sure why NC21 was set as milestone, this needs to be fixed ASAP in the main stable version IMHO.
I also confirm that the above workaround from @thepill works!
jacotec
on 19 Dec 2020
Same here. A new installation of Nextcloud 20.0.4 and 10.0.4 give a blank site unter index.php/apps/spreed/ in Safari.
Chrome and FF working well.
Will try the workaround now and hope for a fix with the next release.
diskbuster
on 21 Dec 2020
Same over here. FF works but Safari doesn't. Will attempt the delete the CSP response header workaround
ThatComputerKid
on 30 Dec 2020
@ThatComputerKid did you have any success to get a manual workaround working?
Either it can be fixed for the moment or I need to try to downgrade the app for now - which is not recommended
Rello
on 2 Jan 2021
Such a bug should be fixed asap :/ no working web view iOS and macOS devices caused by a minor update.
g-d-d-h
on 2 Jan 2021
https://github.com/nextcloud/spreed/pull/4822 is the workaround
Such a bug should be fixed asap
Yes it should and we will mostlikely publish something next week. It's just we developers/maintainers have vacations/holiday/family time too, you know?
nickvergessen
on 3 Jan 2021
Sorry, didn’t want to sound harsh. I have no knowledge of coding and how much time it needs.
g-d-d-h
on 3 Jan 2021
@ThatComputerKid did you have any success to get a manual workaround working?
Either it can be fixed for the moment or I need to try to downgrade the app for now - which is not recommended
Unset the CSP header IS working. Just be aware, that you lose the security provided by a csp header.
socialize-IT
on 6 Jan 2021
Related issues
jospoortvliet
·
3Comments
MarcoZehe
·
4Comments
ma12-co
·
3Comments
FramboisePi
·
3Comments
q-wertz
·
3Comments
Most helpful comment
I confirm this issue! Updated my first NC instance from 19.0.6 to 20.0.4 and searched an hour because talk does not work with Safari anymore.
Not sure why NC21 was set as milestone, this needs to be fixed ASAP in the main stable version IMHO.
I also confirm that the above workaround from @thepill works!