Traefik HTTPS + Bookstack Rules breaking WYSIWYG Editor

Lodpot · January 23, 2023, 6:48pm

Hey there!

I'm running the latest version of Bookstack alongside Traefik on my Docker setup (w/ Portainer) on Ubuntu 22.04. Using MySQL DB image as well. I've setup Bookstack to normally be accessible under docs.domain.tld with SSL, and am generally able to access the App, UIs, etc without too many issues. I currently have it behind a httpauth middleware too. I've also declared the URL in APP_URL environmental variable.

The Problem: When in Bookstack, the WYSIWYG editor does not work (see screenshot) when accessing it over the HTTPS URL. However, if I revert to just directly accessing port 80 over http, the WYSIWYG it works. I see this error in my Console Log:

Refused to load the script 'https://docs.domain.tld/cdn-cgi/apps/head/6wJhVBB4ypyU1RY0Ji8OcqnjF-w.js' because it violates the following Content Security Policy directive: "script-src http: https: 'nonce-e5cowZZvujbA5XnKFlKasp1B' 'strict-dynamic'". Note that 'strict-dynamic' is present, so host-based allowlisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
edit:1 Refused to load the script 'https://docs.domain.tld/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js' because it violates the following Content Security Policy directive: "script-src http: https: 'nonce-e5cowZZvujbA5XnKFlKasp1B' 'strict-dynamic'". Note that 'strict-dynamic' is present, so host-based allowlisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

I suspect this is something with how I've setup my Traefik Labels for this container, and the SSL / HTTPS implementation I currently have; here are my Labels:

traefik.http.services.docs.loadbalancer.server.port - 80 traefik.http.routers.docs.tls.domains[0].main - docs.domain.tld traefik.http.routers.docs.tls.certresolver - letsencrypt traefik.http.routers.docs.tls - true traefik.http.routers.docs.rule - Host(docs.domain.tld) || Host(www.docs.domain.tld) traefik.http.routers.docs.entrypoints - https traefik.http.middlewares.docs.headers.customrequestheaders.X-Forwarded-Proto - https

Any help or advice as to how to fix this would be strongly appreciated!
Thank you

bluepuma77 · January 24, 2023, 12:28am

Traefik itself does not add any security headers unless you configured it, so I rather think it's an issue with your app. Have you set your APP_URL env var to include https:// ? Check your browser's developer tools' network tab for response headers from your app.

Topic		Replies	Views
Traefik bookstack gateway timeout Traefik v2 (latest) docker	0	777	November 27, 2020
Some problems with traefik and docker Traefik v2 (latest) docker	1	347	January 8, 2021
Traefik >=2.0 and onlyoffice not work, work correctly in V<2 Traefik v2 (latest) docker	7	11591	January 10, 2021
Conntect to web server through traefik return error (javascript not enabled) Traefik v2 (latest) docker , file	4	444	March 14, 2023
Traefik v2.6 - dynamic configuration Traefik v2 (latest) docker , letsencrypt-acme , cli	4	1686	March 19, 2022

Traefik HTTPS + Bookstack Rules breaking WYSIWYG Editor

Related Topics