From user-return-6090-archive-asf-public=cust-asf.ponee.io@guacamole.apache.org Fri May 3 19:17:25 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 6E43418064D for ; Fri, 3 May 2019 21:17:25 +0200 (CEST) Received: (qmail 47366 invoked by uid 500); 3 May 2019 19:17:24 -0000 Mailing-List: contact user-help@guacamole.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@guacamole.apache.org Delivered-To: mailing list user@guacamole.apache.org Received: (qmail 47354 invoked by uid 99); 3 May 2019 19:17:24 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 May 2019 19:17:24 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 978771826B8 for ; Fri, 3 May 2019 19:17:23 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 4.736 X-Spam-Level: **** X-Spam-Status: No, score=4.736 tagged_above=-999 required=6.31 tests=[DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FREEMAIL_ENVFROM_END_DIGIT=0.25, NML_ADSP_CUSTOM_MED=1.2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_SOFTFAIL=0.972, URIBL_BLOCKED=0.001, URI_HEX=1.313] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id EyjBmInzkIFb for ; Fri, 3 May 2019 19:17:22 +0000 (UTC) Received: from n4.nabble.com (n4.nabble.com [199.38.86.66]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id D0CF76113E for ; Fri, 3 May 2019 19:17:21 +0000 (UTC) Received: from n4.nabble.com (localhost [127.0.0.1]) by n4.nabble.com (Postfix) with ESMTP id C01F07AE5D0E for ; Fri, 3 May 2019 14:17:21 -0500 (CDT) Date: Fri, 3 May 2019 14:17:21 -0500 (CDT) From: Zer0Cool To: user@guacamole.apache.org Message-ID: <1556911041742-0.post@n4.nabble.com> Subject: Nginx Content_Security_Policy? MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit CentOS/RHEL 7.6 Nginx 1.16.0 OpenSSL 1.0.2k-fips Guac 1.0.0 I have SSL working just fine with a Lets Encrypt cert. I am attempting to add a CSP line to the nginx conf and its causing the login page to look odd and not actually logging in (I will explain further). The line I am adding is: add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'none';" always; If I add the above, restart nginx and clear browser cache the login page loads but the title reads as "{{'APP.NAME' | translate}}" and within the fields "{{getFieldHeader() | translate}}" and the login button reads "{{'LOGIN.ACTION_LOGIN' |". Clicking login after entering credentials seems to fail (red banner at top of page) and shows what seems to then just be a white page with a blankish button. tail -f /var/log/messages says authentication was a success. If I comment out the CSP line, restart nginx and clear browser cache, it works as expected. I have tried starting with just default-src only but same issue. Anyone have CSP in Nginx working with Guac 1.0.0 and/or know if its plain not able to work with it? I have been trying to research the matter but have not found anything specific to Guac + CSP. Any help would be greatly appreciated. Thanks -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/