Normal users can create tokens but they don't have access to any call other than the /api/v1/profile/* routes. Internally, each token has a list of "scopes" (oauth scopes) which indicate what API can be allowed. For normal users, this scope is only the profile scope. For admin users, it includes all the other API calls.
For the CSP settings, this indeed cannot properly be done on a platform level, as apps require differently strict settings there and have to provide this on their own, so this should ideally be fixed in each app upstream.
@girish I have a 238 ko iCal file.
I've split it in twice and I went from 250 importation err from 1 err.
The problem should come from that, thanks!
I was at the beginning thinking about it (splitting the file) but after that, I was focusing on RateLimit - wrong way! Also, I advise people which want to import a big file to increase drastically the mem allowance of the app (2Gb in my case)
running on bare metal is totally fine. For the setup within your network behind the router, please make sure that at least port 80 and 443 are forwarded. Port 80 is required to obtain LetsEncrypt SSL certificates. Otherwise please check the logs with journalctl -u box when performing the dns setup on your Cloudron, this should show for which IP it is waiting for the DNS records to be in-sync. Possibly it is checking for the wrong (private) IP.
Further when using Cloudrflare, please note that currently Cloudron does not support installing apps that are proxied via Cloudflare. Cloudflare backend only sets up the DNS via Cloudflare API and expects website traffic to be unproxied.