What app is this about, and its version: 2026.29.0~ynh1
What YunoHost version are you running: 12.1.39
What type of hardware are you using: VPS bought online
Describe your issue
Hello,
I seem to be running into the error when loading Sheets (it doesn’t seem to come up in other types of documents) after I updated to 2026.29.0~ynh1. When I open an existing sheet or an old sheet, it will say the following:
“Updated version available, press OK to reload”
And it will continue to show. I’ve tried:
- Clearing cache
- Logging back out and in again
- Trying different browsers (LibreWolf and Chromium)
- Creating a new Sheet (happens on any existing and new sheets)
- Forcing install
I ran Cryptpad’s checkup, and it seems like it’s an nginx issue (output below). Not sure how I got into this situation, but I’m afraid it will get deleted if I ran yunohost tools regen-conf nginx (output below). How do I regenerate the proper sandbox config for nginx? I also attached the config that I have currently.
Thank you! Sorry I’m not sure what to do in this situation.
Share relevant logs or error messages
Output of /checkup/:
/sheet/inner.html does not have the required 'content-security-policy' headers set. This is most often related to incorrectly configured sandbox domains or reverse proxies.
/common/onlyoffice/dist/v8/web-apps/apps/spreadsheeteditor/main/index.html does not have the required 'content-security-policy' headers set. This is most often related to incorrectly configured sandbox domains or reverse proxies.
/api/config returned an HTTP status code other than 200 when accessed from the sandbox domain.
https://pad.aangat.lahat.computer/sheet/inner.html was served with incorrect Content-Security-Policy headers.
A value of "'none'" was expected for the default-src directive.
A value of "'unsafe-inline' 'self' https://pad.aangat.lahat.computer" was expected for the style-src directive.
A value of "'self' data: https://pad.aangat.lahat.computer" was expected for the font-src directive.
A value of "https://pad.aangat.lahat.computer" was expected for the child-src directive.
A value of "'self' blob: https://sandbox.pad.aangat.lahat.computer" was expected for the frame-src directive.
A value of "'self' resource: https://pad.aangat.lahat.computer 'unsafe-eval' 'unsafe-inline'" was expected for the script-src directive.
A value of "'self' blob: https://pad.aangat.lahat.computer https://sandbox.pad.aangat.lahat.computer wss://pad.aangat.lahat.computer" was expected for the connect-src directive. This rule restricts which URLs can be loaded by scripts. Overly permissive settings can allow users to be tracked using external resources, while overly restrictive settings may block pages from loading entirely.
A value of "'self' data: blob: https://pad.aangat.lahat.computer" was expected for the img-src directive.
A value of "blob:" was expected for the media-src directive.
A value of "'self' https://pad.aangat.lahat.computer" was expected for the frame-ancestors directive. This rule determines which sites can embed content from this instance in an iframe.
A value of "'self'" was expected for the worker-src directive.
Output of yunohost tools regen-conf nginx --dry-run
# yunohost tools regen-conf nginx --dry-run
Info: The configuration file '/etc/nginx/conf.d/sandbox.pad.aangat.lahat.computer.conf' is expected to be deleted by regen-conf (category nginx) but was kept back.
nginx:
applied:
pending:
/etc/nginx/conf.d/sandbox.pad.aangat.lahat.computer.conf:
status: unmanaged
#
sandbox.pad.aangat.lahat.conf
# Note this is a mostly a copy of https://github.com/YunoHost/yunohost/blob/dev/conf/nginx/server.tpl.conf
# But with some cleanup of all not necessary things
server {
listen 80;
listen [::]:80;
server_name sandbox.pad.aangat.lahat.computer;
include /etc/nginx/conf.d/acme-challenge.conf.inc;
location ^~ '/.well-known/ynh-diagnosis/' {
alias /var/www/.well-known/ynh-diagnosis/;
}
# Note that this != "False" is meant to be failure-safe, in the case the redrect_to_https would happen to contain empty string or whatever value. We absolutely don't want to disable the HTTPS redirect *except* w
hen it's explicitly being asked to be disabled. #}
location / {
return 301 https://$host$request_uri;
}
include /etc/nginx/conf.d/yunohost_http_errors.conf.inc;
access_log /var/log/nginx/pad.aangat.lahat.computer-access.log;
error_log /var/log/nginx/pad.aangat.lahat.computer-error.log;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sandbox.pad.aangat.lahat.computer;
include /etc/nginx/conf.d/security.conf.inc;
ssl_certificate /etc/yunohost/certs/pad.aangat.lahat.computer/crt.pem;
ssl_certificate_key /etc/yunohost/certs/pad.aangat.lahat.computer/key.pem;
more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
include /etc/nginx/conf.d/cryptpad-shared.conf.inc;
# We consider that the CA is letsencrypt but yes it could be not allways the case
# This should be improved mybe at some point if this is a problem in some cases
# OCSP settings
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/yunohost/certs/pad.aangat.lahat.computer/crt.pem;
resolver 1.1.1.1 9.9.9.9 valid=300s;
resolver_timeout 5s;
access_log /var/log/nginx/pad.aangat.lahat.computer-access.log;
error_log /var/log/nginx/pad.aangat.lahat.computer-error.log;
location / {
proxy_pass http://localhost:3000;
include proxy_params_no_auth;
client_max_body_size 150m;
}
location ^~ /cryptpad_websocket {
proxy_pass http://localhost:3003;
include proxy_params_no_auth;
}
}
