Follow Content-Security-Policie guidance // Errors while loading js + css

[Constey]

Using Nextcloud 17.1 / and sharelisting 1.1.1 we see following issues in console.log.
This affects user performance, since loading issues will cause slow page loads after logging in.
Disabling CSP headers -> resovles this issues -> brings back the security concers :-)

Refused to load the script 'https://intranext.domain.de/apps/sharelisting/js/sharelisting-vendors-node_modules_nextcloud_axios_dist_index_js-node_modules_nextcloud_router_dist_index_j-181350.js?v=843769528916a0761446' because it violates the following Content Security Policy directive: "script-src 'nonce-UHgrYmtnbGIyOEJQRHFQS2JjeFJsd09hVmdyd2FiNWxFTDdqNGNVRCtuQT06VDN6Zi9VRXhyYU1yTitqaFhLOHAvbXJmT1htMEl2SWRWTldzczROSGxDZz0='". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

o.l @ load script:41
load script:41 Refused to load the script 'https://intranext.domain.de/apps/sharelisting/js/sharelisting-sharing.js?v=1020b6e44ccaabbc7399' because it violates the following Content Security Policy directive: "script-src 'nonce-UHgrYmtnbGIyOEJQRHFQS2JjeFJsd09hVmdyd2FiNWxFTDdqNGNVRCtuQT06VDN6Zi9VRXhyYU1yTitqaFhLOHAvbXJmT1htMEl2SWRWTldzczROSGxDZz0='". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

o.l @ load script:41
jsonp chunk loading:27 Uncaught (in promise) ChunkLoadError: Loading chunk vendors-node_modules_nextcloud_axios_dist_index_js-node_modules_nextcloud_router_dist_index_j-181350 failed.
(error: https://intranext.domain.de/apps/sharelisting/js/sharelisting-vendors-node_modules_nextcloud_axios_dist_index_js-node_modules_nextcloud_router_dist_index_j-181350.js?v=843769528916a0761446)
    at o.f.j (jsonp chunk loading:27:18)
    at ensure chunk:6:25
    at Array.reduce (<anonymous>)
    at o.e (ensure chunk:5:56)
    at main.js:33:2
index.es.js:2337 Proxying an event bus of version 3.1.0 with 1.3.0
e @ index.es.js:2337
NotificationsApp.vue:470 Notifications permissions not yet requested
workspace:1     Failed to load resource: the server responded with a status of 404 ()
intranext.domain.de/:1 Refused to apply style from 'https://intranext.domain.de/apps/sharelisting/css/icons.css?v=872ccd9c-14' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
ServiceWorker.js:31 Refused to create a worker from 'https://intranext.domain.de/index.php/apps/files/preview-service-worker.js' because it violates the following Content Security Policy directive: "script-src 'nonce-UHgrYmtnbGIyOEJQRHFQS2JjeFJsd09hVmdyd2FiNWxFTDdqNGNVRCtuQT06VDN6Zi9VRXhyYU1yTitqaFhLOHAvbXJmT1htMEl2SWRWTldzczROSGxDZz0='". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.

(anonymous) @ ServiceWorker.js:31
core-common.js?v=d8a1abcc-14:sourcemap:2 [ERROR] files: SW registration failed:  {app: 'files', uid: 'CLotz', level: 2, error: DOMException: Failed to register a ServiceWorker: The provided scriptURL ('https://intranext.bkk-ru…}