Cannot access documents since last update - CryptPad is failing to load OnlyOffice
-
Hi
Since last update I face "Script Error: See browser console for details" when trying to open CryptPad documents
it seems to have to do with CSP or nginx config and some redirection.
Browser shows:
- window.DocsAPI is undefined
- CSP blocking extensions.js
- MIME type mismatch (text/html, nosniff)
Debugging shows that:
curl -I "https://<my redacted domain>/extensions.js?ver=2026.2.0-1771044916890"
returnsHTTP/2 301 Location: http://<my redacted domain>/extensions.js/?ver=... Content-Type: text/htmlHTTPS is being redirected to HTTP
A trailing slash is added to extensions.js/
Response is HTML instead of JS ?Is this a known issue with the CryptPad package or Cloudron’s nginx config handling static assets?
Let me know if you need full browser console logs in case this cannot be reproduced.Thanks!
-
Hi
Since last update I face "Script Error: See browser console for details" when trying to open CryptPad documentsit seems to have to do with CSP or nginx config and some redirection.
Browser shows:
- window.DocsAPI is undefined
- CSP blocking extensions.js
- MIME type mismatch (text/html, nosniff)
Debugging shows that:
curl -I "https://<my redacted domain>/extensions.js?ver=2026.2.0-1771044916890"
returnsHTTP/2 301 Location: http://<my redacted domain>/extensions.js/?ver=... Content-Type: text/htmlHTTPS is being redirected to HTTP
A trailing slash is added to extensions.js/
Response is HTML instead of JS ?Is this a known issue with the CryptPad package or Cloudron’s nginx config handling static assets?
Let me know if you need full browser console logs in case this cannot be reproduced.Thanks!
Hello @sansguidon
@SansGuidon said in Cannot access documents since last update - CryptPad is failing to load OnlyOffice:
Since last update
What update are you referring to?
A Cloudron update or an app update? -
Hello @sansguidon
@SansGuidon said in Cannot access documents since last update - CryptPad is failing to load OnlyOffice:
Since last update
What update are you referring to?
A Cloudron update or an app update?@james said in Cannot access documents since last update - CryptPad is failing to load OnlyOffice:
Hello @sansguidon
@SansGuidon said in Cannot access documents since last update - CryptPad is failing to load OnlyOffice:
Since last update
What update are you referring to?
A Cloudron update or an app update?Thanks for the answer! In fact here I'm not 100% sure of the when. It has been a few days maybe more than a week I'm not sure as I don't use the app daily and the notifications history for updates in cloudron is not keeping lot of info since v9. But I have read on their GitHub that they made a release few weeks ago. So either it's that either a cloudron update? Difficult to tell. Maybe I could try to rollback to a previous package version?
-
Hi, we have the same issue. Confirmed on both Firefox and Chrome.
curl -I shows the root cause:GET /extensions.js?ver=2026.2.0-1772167481346 → 301 redirect to http://<redacted>/extensions.js/?ver=...Content-Security-Policy: Nastavení stránky zablokovalo provedení skriptu (script-src-elem) na http://<redacted>/extensions.js/?ver=2026.2.0-1772167481346, protože porušuje direktivu „script-src 'self' 'unsafe-eval' 'unsafe-inline' resource: https://<redacted>" Zdroj na adrese "https://<redacted>/extensions.js?ver=2026.2.0-1772167481346" byl zablokován kvůli rozdílnému MIME typu ("text/html") (X-Content-Type-Options: nosniff). URI zdroje <script> není v tomto dokumentu povolen: „https://<redacted>/extensions.js?ver=2026.2.0-1772167481346". Uncaught TypeError: can't access property "DocEditor", window.DocsAPI is undefined startOO https://<redacted>/common/onlyoffice/inner.js?ver=2026.2.0-1772167481346:2544Nginx adds a trailing slash and downgrades HTTPS to HTTP. HSTS catches it and switches back to HTTPS, but the URL is now /extensions.js/ instead of /extensions.js → server returns HTML instead of JS → CSP blocks it → OnlyOffice fails to load.
-
J joseph marked this topic as a regular topic
-
Hi, thanks for the update. The new package seems to fix the issue for new documents, but older documents still fail to open with the same error.
-
-
Hello @archos and @sansguidon
Please ensure this is not a caching issue of your browser.Hello @archos and @sansguidon
Please ensure this is not a caching issue of your browser.Thanks for the advice, so after checking in two other browsers I confirm the issue persists independently from caching
-
Hello @sansguidon
Thanks for the report.
I will have to look into it again.Please share what browser, what browser version and what operating system is used.
Also, if any extensions are installed please also list them or confirm that the issue persists in a fresh browser session with no extensions. -
Hi, tested on Firefox 148.0 on Arch Linux and Safari on iOS. Issue persists in a private/incognito window with no extensions. Older documents still fail to open.
-
Hello @sansguidon
Thanks for the report.
I will have to look into it again.Please share what browser, what browser version and what operating system is used.
Also, if any extensions are installed please also list them or confirm that the issue persists in a fresh browser session with no extensions.Hello @sansguidon
Thanks for the report.
I will have to look into it again.Please share what browser, what browser version and what operating system is used.
Also, if any extensions are installed please also list them or confirm that the issue persists in a fresh browser session with no extensions.I've tried from MacOs, Android, Vivaldi, Brave, LibreWolf. Same issue.
Would it help to share my logs or data?? -
Thanks for the suggestion! I can't copy a file, the context menu only appears with both a combination of clicking and hitting some trigger key, and then I cannot hit Copy as context menu disappears as soon as I release the mouse button. Annoying UX.
I've obtained more console log after removing the local data storage on my usual session:
sframe-boot.js?ver=1.11:46 Testing if CSP correctly blocks an 'eval' call 22:57:55.338 LessLoader.js?ver=2026.2.0-1772483278073:208 Compiling [/customize/src/less2/include/loading.less] took 92ms 22:57:55.507 LessLoader.js?ver=2026.2.0-1772483278073:208 Compiling [/common/onlyoffice/app-oo.less] took 180ms 22:57:55.666 jquery.min.js?ver=2026.2.0-1772483278073:2 Failed to load resource: the server responded with a status of 404 () send @ jquery.min.js?ver=2026.2.0-1772483278073:2 22:57:56.057 inner.js?ver=2026.2.0-1772483278073:2206 updated config Object createOOConfig @ inner.js?ver=2026.2.0-1772483278073:2206 22:57:56.058 inner.js?ver=2026.2.0-1772483278073:2544 Uncaught TypeError: Cannot read properties of undefined (reading 'DocEditor') -
Any workaround for this? Shall I try to rollback the app version and if yes how ? I'm happy to just use an old version of the app if that can work, so I can at least re-open my files that I couldn't edit for 2 weeks now :-'(
EDIT, some tests/findings
$ curl -I https://<redacted>/common/onlyoffice/api.js HTTP/2 404 server: nginx date: Wed, 04 Mar 2026 23:10:17 GMT content-type: text/html content-length: 938 etag: "698ca1f6-3aa" $ curl -I https://<redacted>/web-apps/apps/api/documents/api.js HTTP/2 200 server: nginx date: Wed, 04 Mar 2026 23:10:19 GMT content-type: application/javascript content-length: 17408 last-modified: Wed, 11 Feb 2026 15:36:22 GMT etag: "698ca1f6-4400" access-control-allow-origin: https://sandbox.<redacted> access-control-allow-credentials: true permissions-policy: interest-cohort=() cross-origin-resource-policy: cross-origin cross-origin-embedder-policy: require-corp content-security-policy: default-src 'none'; child-src <redacted> accept-ranges: bytes strict-transport-security: max-age=63072000 x-xss-protection: 1; mode=block x-download-options: noopen x-content-type-options: nosniff x-permitted-cross-domain-policies: none referrer-policy: same-originhypothesis:
- the package changed the OnlyOffice API path,
- but existing pads/config still reference the old /common/onlyoffice/api.js path.
- GET /web-apps/apps/api/documents/api.js → 200 (JS)
- GET /common/onlyoffice/api.js → 404
- existing files still try /common/onlyoffice/api.js and fail with DocEditor undefined.
I'm not sure what must be done here, a compatibility rule in nginx to forward old request to new endpoints? a migration script/step in the next app update for old files?
-
A fix is being worked on here - https://git.cloudron.io/packages/cryptpad-app/-/merge_requests/15 cc @nebulon @brutalbirdie
-
Hi,
I see the fix has been merged and the latest update (1.13.2) was applied on my instance yet I cannot open my drive files
maybe a workaround is needed to export our files and re-import them, I'm not sure what to do but it's frustrating to not access my files for a few weeks now.
I'm sorry to ask again for support, but it's very annoying.
Thanks in advance!
-
I was able to reproduce the issue of not being able to open existing files, but new files work just fine. The main issue I found was that all existing documents strangely use a different access path. They all container
../dist/v8/...in their path, while new documents are at.../dist/v9/...the v8 calls all return 404, which seems to be the root cause.Does anyone know how those e2e documents reference actual api versions? I wasn't able to find anything related to this upstream.
-
New documents work without any issues, but there is a problem with older documents.
After the latest update, I managed to open an old document by right-clicking on it and selecting Create copy. The created copy then opens normally.
Maybe this can help someone as a temporary workaround until the bug is fully fixed.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login