egw: 21.1.20220408, docker, https://colab.domain.de
standalone rocketchat: 4.6.3, docker, https://rchat.domain.de
Since upgrading to 21.1.20220408 last Friday, OAuth login (RocketChat as client) no longer works. (I still have LDAP as a fallback.)
Additionally, I'll get “Error contacting Api server: https://rchat.domain.de/api/v1/login” when logging in.
While investigating I came across CSP (again).
Refused to connect to 'wss://rchat.domain.de/websocket' because it violates the following Content Security Policy directive: "connect-src 'self' https://rchat.domain.de wss://colab.domain.de".
CSP on https://colab.domain.de looks like:
script-src 'self' 'unsafe-eval';
style-src 'self' 'unsafe-inline';
connect-src 'self' https://rchat.domain.de wss://colab.domain.de;
frame-src 'self' meet.jit.si https://rchat.domain.de;
manifest-src 'self';
frame-ancestors 'self';
media-src 'self' data: https:;
img-src 'self' data: https: blob:;
default-src 'none';
font-src 'self';
The “connect-src” does not look right.
Is there any other information I can give?
Thanks, bzubi
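
An added example, not part of the original post and not EGroupware or Rocket.Chat code: a simplified connect-src matcher that evaluates the posted policy against the URLs from the error messages. It assumes host sources only (no wildcards, scheme-only sources or paths) and allows only the insecure-to-secure scheme upgrade; the function names are illustrative.

```javascript
// Simplified CSP connect-src evaluation (sketch, not a full CSP Level 3 implementation).
const DEFAULT_PORT = { http: "80", https: "443", ws: "80", wss: "443" };
// The two relevant directives, copied from the policy posted above.
const POSTED_CONNECT_POLICY =
  "connect-src 'self' https://rchat.domain.de wss://colab.domain.de; default-src 'none'";

function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Expression scheme vs. URL scheme: exact match or insecure-to-secure upgrade only.
function schemeMatches(exprScheme, urlScheme) {
  return exprScheme === urlScheme ||
    (exprScheme === "http" && urlScheme === "https") ||
    (exprScheme === "ws" && urlScheme === "wss");
}

function sourceAllows(source, url, origin) {
  const scheme = url.protocol.slice(0, -1);
  const port = url.port || DEFAULT_PORT[scheme];
  const originScheme = origin.protocol.slice(0, -1);
  if (source === "'self'") {
    return url.hostname === origin.hostname &&
      port === (origin.port || DEFAULT_PORT[originScheme]) &&
      (schemeMatches(originScheme, scheme) || (originScheme === "https" && scheme === "wss"));
  }
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:']+)(?::(\d+))?(?:\/.*)?$/i.exec(source);
  if (!m) return false; // 'none', scheme-only sources and other forms are not handled here
  const exprScheme = (m[1] || originScheme).toLowerCase();
  if (!schemeMatches(exprScheme, scheme)) return false; // https:// does not cover wss://
  if (m[2].toLowerCase() !== url.hostname) return false;
  return (m[3] || DEFAULT_PORT[scheme]) === port;
}

function checkConnect(policy, originUrl, targetUrl) {
  const directives = parsePolicy(policy);
  const name = directives.has("connect-src") ? "connect-src" : "default-src";
  if (!directives.has(name)) return { directive: null, allowed: true, matchedBy: null };
  const url = new URL(targetUrl), origin = new URL(originUrl);
  const matchedBy = directives.get(name).find((s) => sourceAllows(s, url, origin)) || null;
  return { directive: name, allowed: matchedBy !== null, matchedBy };
}
```

Calling `checkConnect(POSTED_CONNECT_POLICY, "https://colab.domain.de", "wss://rchat.domain.de/websocket")` reports the connection as blocked by connect-src, while the `https://rchat.domain.de/api/v1/login` URL is matched by the `https://rchat.domain.de` source.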