Content
View differences
Updated by Wieland Lindenthal 4 months ago
Hi,
After configuring an Hocuspocus Hocupocus Server (deployed with docker) in OpenProject
When I try to edit a document, I have got an error :
<img class="op-uc-image op-uc-image_inline" src="/api/v3/attachments/918907/content">
In developer console, I've got this error :
`Connecting to 'wss://hocuspocus.xxxxxx.fr/' violates the following Content Security Policy directive: "connect-src 'self' https://hocuspocus.xxxxxx.fr". The action has been blocked.`
I added the CSP with :
`sudo openproject config:set OPENPROJECT_CSP_CONNECT_SRC="'self' https://hocuspocus.xxxxxx.fr wss://hocuspocus.xxxxxx.fr"`
I ran
`sudo openproject configure`
`sudo openproject restart`
<br>
When I check in command line :
`sudo openproject config:get OPENPROJECT_CSP_CONNECT_SRC`
It returns : `'self' https://hocuspocus.xxxxxx.fr wss://hocuspocus.xxxxxx.fr`
So config seems ok
But when I check content-security-policy header tabs in developer console of openproject pages, wss://hocuspocus.xxxxxx.fr is not present (only [https://hocuspocus.xxxxxx.fr](https://hocuspocus.xxxxxx.fr/) is included)
wss:// directives in OPENPROJECT\_CSP\_CONNECT\_SRC seems to be ignored and not injected in content-security-policy header, and the error for hocuspocus still present
How to inject wss properly in content-security-policy ?
<br>
<br>
**OpenProject installation type**
* Packaged installation
* Ubuntu 22.04
<br>
**OpenProject version 17.1.0 (Abonnement Enterprise)**
**Browser**
* [x] Chrome
* [x] Firefox
* [ ] Safari
* [ ] Mobile Safari
* [ ] Other (please specify)
<br>
After configuring an Hocuspocus
When I try to edit a document, I have got an error :
<img class="op-uc-image op-uc-image_inline" src="/api/v3/attachments/918907/content">
In developer console, I've got this error :
`Connecting to 'wss://hocuspocus.xxxxxx.fr/' violates the following Content Security Policy directive: "connect-src 'self' https://hocuspocus.xxxxxx.fr". The action has been blocked.`
I added the CSP with :
`sudo openproject config:set OPENPROJECT_CSP_CONNECT_SRC="'self' https://hocuspocus.xxxxxx.fr wss://hocuspocus.xxxxxx.fr"`
I ran
`sudo openproject configure`
`sudo openproject restart`
<br>
When I check in command line :
`sudo openproject config:get OPENPROJECT_CSP_CONNECT_SRC`
It returns : `'self' https://hocuspocus.xxxxxx.fr wss://hocuspocus.xxxxxx.fr`
So config seems ok
But when I check content-security-policy header tabs in developer console of openproject pages, wss://hocuspocus.xxxxxx.fr is not present (only [https://hocuspocus.xxxxxx.fr](https://hocuspocus.xxxxxx.fr/) is included)
wss:// directives in OPENPROJECT\_CSP\_CONNECT\_SRC seems to be ignored and not injected in content-security-policy header, and the error for hocuspocus still present
How to inject wss properly in content-security-policy ?
<br>
<br>
**OpenProject installation type**
* Packaged installation
* Ubuntu 22.04
<br>
**OpenProject version 17.1.0 (Abonnement Enterprise)**
**Browser**
* [x] Chrome
* [x] Firefox
* [ ] Safari
* [ ] Mobile Safari
* [ ] Other (please specify)
<br>