Help CSP Error when behind caddy (reverse-proxy)

thebetterjort · May 5, 2020, 3:18pm

When I login I get a blank page, the console shows these errors. Is this a bug where keycloak is still loading some assets over http instead of https?

Content Security Policy: The page’s settings observed the loading of a resource at inline (“script-src”). A CSP report is being sent. console:19:1
Content Security Policy: The page’s settings observed the loading of a resource at eval (“script-src”). A CSP report is being sent. angular.js:1291:6
Content Security Policy: The page’s settings observed the loading of a resource at http://localhost/auth/js/keycloak.js?version=7sq3p (“script-src”). A CSP report is being sent.
Content Security Policy: The page’s settings blocked the loading of a resource at localhost/auth/realms/master/protocol/openid-connect/login-status-iframe.html?version=7sq3p (“frame-src”). keycloak.js:1219:26
Content Security Policy: The page’s settings observed the loading of a resource at localhost/auth/realms/master/protocol/openid-connect/login-status-iframe.html?version=7sq3p (“frame-src”). A CSP report is being sent.

I use caddy 2:

caddy reverse-proxy --from localhost --to 192.168.1.101:8080

When I try and login I get a blank page.

stevenscg · May 11, 2020, 12:45pm

I suspect that we’ve run into the same or a similar issue with 10.0.0 or 10.0.0.1.

Please add your findings and comments here: https://issues.redhat.com/browse/KEYCLOAK-14107

Topic		Replies	Views
Keycloak behind /auth on Caddy (reverse proxy) Configuring the server	1	1278	July 2, 2024
Mixed block error on API request on the admin console admin-console	0	695	April 26, 2022
Keycloak in docker behind reverse proxy Configuring the server admin-console	53	85462	May 1, 2024
Mixed Content behind Reverse Proxy Configuring the server	1	1673	August 3, 2021
Keycloak 20.0.1 in k8s and behind reverse proxy Configuring the server admin-console	3	2401	December 7, 2022

Help CSP Error when behind caddy (reverse-proxy)

Related topics