CSP on Websockets

bzubi · May '22

egw: 21.1.20220408, docker, https://colab.domain.de1
standalone rocketchat: 4.6.3, docker, https://rchat.domain.de

Since upgrading to 21.1.20220408 last friday, OAuth Login (RocketChat as client) no longer works. (still have ldap as fallback.)

additional ill get “Error contacting Api server: https://rchat.domain.de/api/v1/login” when logging in.

While investigating I came across CSP (again).

Refused to connect to 'wss://rchat.domain.de/websocket' because it violates the following Content Security Policy directive: "connect-src 'self' https://rchat.domain.de wss://colab.domain.de".

CSP on https://colab.domain.de1 looks like:

script-src 'self' 'unsafe-eval';
style-src 'self' 'unsafe-inline';
connect-src 'self' https://rchat.domain.de wss://colab.domain.de;
frame-src 'self' meet.jit.si https://rchat.domain.de;
manifest-src 'self';
frame-ancestors 'self';
media-src 'self' data: https:;
img-src 'self' data: https: blob:;
default-src 'none';
font-src 'self';

the “connect-src” does not look right.

Is there any other information I can give?

thanks, bzubi

Topic	Category	Replies	Views	Activity
RocketChat: Error: Cannot find module ‘/app/bundle/bash’	Rocket.Chat	2	904	May '24
Error “unknown path” after installation	Rocket.Chat	3	558	Aug '24

CSP on Websockets

Suggested Topics

Want to read more? Browse other topics in Rocket.Chat or view latest topics.

CSP on Websockets

Suggested Topics

Want to read more? Browse other topics in Rocket.Chat or view latest topics.

share a link to this topic