Added by Federico Rodriguez almost 6 years ago
When i save a change in the site, in javascript appears console this error:
Refused to send form data to 'http://openproject.mydomain/' because it violates the following Content Security Policy directive: "form-action 'self'".
How can I solve it?
Replies (12)
My openproject-le-ssl.conf file:
<VirtualHost *:443>
ServerName xxxxxxxxxxxxxxxxxxxxxxxxxx
DocumentRoot /opt/openproject/public
ProxyRequests off
Include /etc/openproject/addons/apache2/includes/vhost/*.conf
# Can't use Location block since it would overshadow all the other proxypass directives on CentOS
ProxyPass / http://127.0.0.1:6000/ retry=0
ProxyPassReverse / http://127.0.0.1:6000/
SetEnv proxy-nokeepalive 1
RequestHeader set X-Forwarded-Proto "https"
Header unset X-Frame-Options
Header merge Cache-Control no-cache
Header set Access-Control-Allow-Origin “*”
SSLCertificateFile /etc/letsencrypt/live/trepcom.data.com.uy/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/trepcom.data.com.uy/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Hi, i have the same problem, where you able to solve this ?
Thanks
I ran into the same problem.
The solution was to set the correct protocol in your systems settings. Mine was set to http although my nginx config forced OpenProject to use https. Switching the protocol to https instead of http fixed it.
Thanks Martin for the information. Since the packaged installation would set the protocol automatically only for Apache installations, I can see that with Nginx users tend to run into this problem.
I'll look into documenting this option better in case of skipping Apache installation. In short, when installing with Nginx (or manually embedding in Apache), you will want to set the following variables manually:
Best,
Oliver
Hi Oliver,
No problem!
Wouldn't it be possible to automate this for nginx users as well? Seeing as the example hostname does already suggest the correct hostname.
I'm running the Docker image by the way, on a webserver which has nginx installed.
Hi Martin,
yes, it is definitely possible to automate that, but would also increase complexity on our packages to support multiple vendors.
Best,
Oliver
Update:
Problem returned after upgrading. Also adding this line to my nginx configuration (as mentioned here) seems to have solved it:
I had the same issue, I couldn't login due to the error of not sending form data to http addresses. Finally I solved the problem by altering the database:
mariadb; update settings set value = "https" where value = "http";
Before this, I did the configs, added the proxy header, recompiled the assets afterwards and restarted the server, nothing helped, but this. Good luck everybody.
This might be connected to the following bug report: . If wrote it earlier in this thread but if you had configured Apache2 at any earlier time in the installation, your environment config will still contain a reference to
SERVER_HOSTNAME
. You will want to set this env manually withopenproject config:set SERVER_HOSTNAME="https"
to ensure it will survive upgrades.Best,
Oliver
Oliver Günther wrote:
I guess you mean SERVER_PROTOCOL?
You're right, thanks for spotting. The
SERVER_HOSTNAME
however is also affected in the same fashion.Hi,
I'm seeing a similar issue. I'm using an evaluation version of the Cloud product. Is there a was to configure this for the Cloud version ?
I'm trying to load the UI into an iframe.
Thanks
Graham