Cannot access documents since last update - CryptPad is failing to load OnlyOffice
-
Hi
Since last update I face "Script Error: See browser console for details" when trying to open CryptPad documents
it seems to have to do with CSP or nginx config and some redirection.
Browser shows:
- window.DocsAPI is undefined
- CSP blocking extensions.js
- MIME type mismatch (text/html, nosniff)
Debugging shows that:
curl -I "https://<my redacted domain>/extensions.js?ver=2026.2.0-1771044916890"
returnsHTTP/2 301 Location: http://<my redacted domain>/extensions.js/?ver=... Content-Type: text/htmlHTTPS is being redirected to HTTP
A trailing slash is added to extensions.js/
Response is HTML instead of JS ?Is this a known issue with the CryptPad package or Cloudron’s nginx config handling static assets?
Let me know if you need full browser console logs in case this cannot be reproduced.Thanks!
-
Hi
Since last update I face "Script Error: See browser console for details" when trying to open CryptPad documentsit seems to have to do with CSP or nginx config and some redirection.
Browser shows:
- window.DocsAPI is undefined
- CSP blocking extensions.js
- MIME type mismatch (text/html, nosniff)
Debugging shows that:
curl -I "https://<my redacted domain>/extensions.js?ver=2026.2.0-1771044916890"
returnsHTTP/2 301 Location: http://<my redacted domain>/extensions.js/?ver=... Content-Type: text/htmlHTTPS is being redirected to HTTP
A trailing slash is added to extensions.js/
Response is HTML instead of JS ?Is this a known issue with the CryptPad package or Cloudron’s nginx config handling static assets?
Let me know if you need full browser console logs in case this cannot be reproduced.Thanks!
Hello @sansguidon
@SansGuidon said in Cannot access documents since last update - CryptPad is failing to load OnlyOffice:
Since last update
What update are you referring to?
A Cloudron update or an app update? -
Hello @sansguidon
@SansGuidon said in Cannot access documents since last update - CryptPad is failing to load OnlyOffice:
Since last update
What update are you referring to?
A Cloudron update or an app update?@james said in Cannot access documents since last update - CryptPad is failing to load OnlyOffice:
Hello @sansguidon
@SansGuidon said in Cannot access documents since last update - CryptPad is failing to load OnlyOffice:
Since last update
What update are you referring to?
A Cloudron update or an app update?Thanks for the answer! In fact here I'm not 100% sure of the when. It has been a few days maybe more than a week I'm not sure as I don't use the app daily and the notifications history for updates in cloudron is not keeping lot of info since v9. But I have read on their GitHub that they made a release few weeks ago. So either it's that either a cloudron update? Difficult to tell. Maybe I could try to rollback to a previous package version?
-
Hi, we have the same issue. Confirmed on both Firefox and Chrome.
curl -I shows the root cause:GET /extensions.js?ver=2026.2.0-1772167481346 → 301 redirect to http://<redacted>/extensions.js/?ver=...Content-Security-Policy: Nastavení stránky zablokovalo provedení skriptu (script-src-elem) na http://<redacted>/extensions.js/?ver=2026.2.0-1772167481346, protože porušuje direktivu „script-src 'self' 'unsafe-eval' 'unsafe-inline' resource: https://<redacted>" Zdroj na adrese "https://<redacted>/extensions.js?ver=2026.2.0-1772167481346" byl zablokován kvůli rozdílnému MIME typu ("text/html") (X-Content-Type-Options: nosniff). URI zdroje <script> není v tomto dokumentu povolen: „https://<redacted>/extensions.js?ver=2026.2.0-1772167481346". Uncaught TypeError: can't access property "DocEditor", window.DocsAPI is undefined startOO https://<redacted>/common/onlyoffice/inner.js?ver=2026.2.0-1772167481346:2544Nginx adds a trailing slash and downgrades HTTPS to HTTP. HSTS catches it and switches back to HTTPS, but the URL is now /extensions.js/ instead of /extensions.js → server returns HTML instead of JS → CSP blocks it → OnlyOffice fails to load.
