Hi all!
I am trying to make a package for Movim (upstream is at version 0.16.1, official package is at 0.13 with a 1 year old PR to upgrade to 0.14…).
I’m doing that mostly by personal interest in the project and to learn a bit about what’s happening under the hood, but who knows where it will take me…
Currently, I am stuck at a Content-Security-Policy issue:
The login page keeps reloading with an error message about CSP:
Ouverture de https://chtisurel.net/movim/
Content Security Policy: Ce site (https://chtisurel.net) possède une politique Report-Only sans URI de rapport. CSP ne bloquera pas cette politique et ne pourra pas rapporter ses violations.
Content Security Policy: Les paramètres de la page ont empêché le chargement d’une ressource à wss://chtisurel.net/movim/ws/?path=chat&offset=300 (« default-src »). Un rapport CSP est en cours d’envoi. [movim_websocket.js:72:26](https://chtisurel.net/movim/scripts/movim_websocket.js?t=1578254433)
Content Security Policy: Ce site (https://chtisurel.net) possède une politique Report-Only sans URI de rapport. CSP ne bloquera pas cette politique et ne pourra pas rapporter ses violations.
Content Security Policy: Les paramètres de la page ont empêché le chargement d’une ressource à wss://chtisurel.net/movim/ws/?path=chat&offset=300 (« default-src »). Un rapport CSP est en cours d’envoi.
Erreur dans les liens source : Error: NetworkError when attempting to fetch resource. URL de la ressource : moz-extension://b8078388-b34b-4a3a-bb12-935baba5c615/common/purify.js URL du lien source : purify.js.map
Connection established! [movim_websocket.js:77:21](https://chtisurel.net/movim/scripts/movim_websocket.js?t=1578254433)
Connection closed by the server or session closed [movim_websocket.js:115:21](https://chtisurel.net/movim/scripts/movim_websocket.js?t=1578254433)
Ouverture de https://chtisurel.net/movim/?disconnect
Content Security Policy: Ce site (https://chtisurel.net) possède une politique Report-Only sans URI de rapport. CSP ne bloquera pas cette politique et ne pourra pas rapporter ses violations. 2
Content Security Policy: Ce site (https://chtisurel.net) possède une politique Report-Only sans URI de rapport. CSP ne bloquera pas cette politique et ne pourra pas rapporter ses violations.
Content Security Policy: Les paramètres de la page ont empêché le chargement d’une ressource à wss://chtisurel.net/movim/ws/?path=login&offset=300 (« default-src »). Un rapport CSP est en cours d’envoi. [movim_websocket.js:72:26](https://chtisurel.net/movim/scripts/movim_websocket.js?t=1578254433)
Content Security Policy: Ce site (https://chtisurel.net) possède une politique Report-Only sans URI de rapport. CSP ne bloquera pas cette politique et ne pourra pas rapporter ses violations.
Content Security Policy: Les paramètres de la page ont empêché le chargement d’une ressource à wss://chtisurel.net/movim/ws/?path=login&offset=300 (« default-src »). Un rapport CSP est en cours d’envoi.
Erreur dans les liens source : Error: NetworkError when attempting to fetch resource. URL de la ressource : moz-extension://b8078388-b34b-4a3a-bb12-935baba5c615/common/purify.js URL du lien source : purify.js.map
Connection established! [movim_websocket.js:77:21](https://chtisurel.net/movim/scripts/movim_websocket.js?t=1578254433)
Connection closed by the server or session closed [movim_websocket.js:115:21](https://chtisurel.net/movim/scripts/movim_websocket.js?t=1578254433)
Ouverture de https://chtisurel.net/movim/?disconnect
and from then on, it loops through the attempt to open ?disconnect.
Here is what I have in /etc/nginx/conf.d/chtisurel.net/movim.conf:
```nginx
#rewrite ^/movim$ /movim/ permanent;
location /movim/ {
    alias /var/www/movim/public/;
    add_header Access-Control-Allow-Origin *;
    add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' chtisurel.net:*; connect-src 'self' wss://chtisurel.net:*; img-src *";
    #more_set_headers "Content-Security-Policy: upgrade-insecure-requests";
    if ($scheme = http) {
        rewrite ^ https://$server_name$request_uri? permanent;
    }
    index index.php;
    try_files $uri $uri/ /index.php;
    location ~ [^/]\.php(/|$) {
        if ($request_uri ~ "\/movim\/\?infos") {
            return 403;
        }
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass unix:/var/run/php-fpm-movim.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param REMOTE_USER $remote_user;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $request_filename;
    }
    location ~ ^/movim/ws/ {
        proxy_pass http://localhost:9537;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        # To avoid disconnecting after 60sec :
        proxy_read_timeout 14400s;
        proxy_send_timeout 14400s;
        # (14400s is 4h)
    }
    # Include SSOWAT user panel.
    # include conf.d/yunohost_panel.conf.inc;
}
location ~ /\.ht {
    deny all;
}
location ^~ /movim/log/ {
    return 403;
}
location ^~ /movim/config/ {
    return 403;
}
location ^~ /movim/?infos {
    return 403;
}
```
Sorry for the French in the CSP log, but as you can see, I’m really struggling with the websocket resource.
Any idea what I got wrong here?
Thanks in advance!
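
An added example, not part of the original post and not Movim or YunoHost code: the console output above names a Report-Only policy and a violated `default-src`, while the policy in `movim.conf` has its own `connect-src`, so this evaluates each CSP header separately for the WebSocket URL and reports which directive decides and whether that header can block. The function names, the `self_covers_ws` switch (whether `'self'` covers `wss://` differs between CSP Level 2 and Level 3 matching) and the Report-Only value are assumptions; the page does not show the Report-Only header.

```python
from urllib.parse import urlsplit
DEFAULT_PORT = {"http": 80, "https": 443, "ws": 80, "wss": 443}

def parse_csp(value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])  # a repeated directive is ignored
    return policy

def source_matches(src, url, page, self_covers_ws):
    """Simplified: 'self' and [scheme://]host[:port] only (no wildcard hosts, no paths)."""
    u, p = urlsplit(url), urlsplit(page)
    u_port = u.port or DEFAULT_PORT[u.scheme]
    if src.lower() == "'self'":
        same_host = (u.hostname, u_port) == (p.hostname, p.port or DEFAULT_PORT[p.scheme])
        return same_host and (u.scheme == p.scheme or (self_covers_ws and u.scheme == "wss"))
    if src.startswith("'"):
        return False  # keywords such as 'unsafe-inline' never match a URL
    scheme, _, rest = src.rpartition("://")
    host, _, port = rest.partition(":")
    # Simplification: a source without a scheme is held to the page's scheme.
    if (scheme or p.scheme) != u.scheme or host.lower() != u.hostname:
        return False
    return port == "*" or u_port == int(port or DEFAULT_PORT[u.scheme])

def check_connect(headers, ws_url, page_url, self_covers_ws=False):
    """Per CSP header: (header, deciding directive, allowed, actually blocks)."""
    out = []
    for name, value in headers:
        kind = name.lower()
        if not kind.startswith("content-security-policy"):
            continue
        policy = parse_csp(value)
        # connect-src governs WebSockets; default-src is only its fallback.
        directive = "connect-src" if "connect-src" in policy else "default-src"
        sources = policy.get(directive)
        allowed = sources is None or any(
            source_matches(s, ws_url, page_url, self_covers_ws) for s in sources)
        out.append((kind, directive, allowed,
                    not allowed and kind == "content-security-policy"))
    return out

# Enforced value copied from movim.conf above; the Report-Only value is constructed.
HEADERS = [("Content-Security-Policy", "default-src 'self' 'unsafe-inline' 'unsafe-eval' chtisurel.net:*; connect-src 'self' wss://chtisurel.net:*; img-src *"),
           ("Content-Security-Policy-Report-Only", "default-src 'self'")]
WS, PAGE = "wss://chtisurel.net/movim/ws/?path=login&offset=300", "https://chtisurel.net/movim/"
```

To check a real deployment, fill `HEADERS` with every CSP header the login page response actually carries, since a header set outside `movim.conf` is evaluated independently of the one set there.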