Collabora office opened in frame - CSP error saving files

Hi all,
as stated here https://forum.pydio.com/t/collabora-office-copy-paste-content-security-policy-error/4417 Collabora office cannot save documents due to a CSP error:
Refused to frame 'https://collabora.domain.tld:port/' because it violates the following Content Security Policy directive: "frame-src 'self' https://rating.collaboraonline.com/Welcome/welcome.html https://rating.collaboraonline.com/Rate/feedback.html blob:".
I’ve correctly set my Collabora server in plugins config, I think Cells must send a CSP like this (line added like this **line added**):
content-security-policy: default-src 'none'; frame-src 'self' **https://collabora.domain.tld:port** https://rating.collaboraonline.com/Welcome/welcome.html https://rating.collaboraonline.com/Rate/feedback.html blob: ; connect-src 'self' wss://cells.domain.tld; script-src 'unsafe-inline' 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'self' blob:; img-src 'self' data: https://www.collaboraoffice.com/ cells.domain.tld:*; frame-ancestors cells.domain.tld:*

I think this should be considered a bug.

Any help?

Thank you

Looking at the other message, you are referring to the collabora internal download button right? Normally Cells is proxying requests to the collabora machine, but I guess in that case the download button is trying to reach the collabora domain directly ?

you are referring to the collabora internal download button right?

Yes

but I guess in that case the download button is trying to reach the collabora domain directly ?

Yes, it is.

Any possibility to change CSP?

Thank you

Is it so difficult to add such line to CSP on cells side?

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.