Reading Time: 2 minutes
This article is about Nextcloud again.
In my Nextcloud environment I use Two-Factor TOTP Provider as 2 factor authentication.
From when I moved from apache to nginx with reverse-proxy I always see this error.
– Strict mode, no HTTP connection allowed!
I need to click Submit button twice when I log in from Chrome.
I can login with 2 times click but this minds me…
I checked Nextcloud log, Nginx log, compared with apache environment, compared with/without reverse proxy…
I finally found root cause by Chrome Developer Tools.
Refused to send form data to ‘https://yasufumi-yokoyama.ml/nextcloud/index.php/login/challenge/totp’ because it violates the following Content Security Policy directive: “form-action ‘self'”.
Browser canceled requst because I am against security policy.
Chrome actually canceled HTTPS request.
I searched Google with this error message and found solution soon.
I just need to add below line to config.php.
'overwriteprotocol' => 'https',
The mechanism of problem is,
Nextcloud is running under reverse proxy and provides HTTP service. So hyperlink in document is http://xxxx On the other hand client communicates with HTTPS to reverse proxy. So mixed contents problem happened.
by adding overwriteprotocol as https helps to forcibly change hyperlink from http to https.
– Link about mixed contents
How was it?
I used much time to solve it!
You don’t need to waste time with this article!