Hey all,
I’m having a strange issue, and i’m not really sure what i’m missing here.
So i have setup a reverse proxy (with modsec) for my home assistant, and it seems to be working fine except for the fact that it will always error the first time, browser console returns:
Refused to connect to 'wss://myurl.com/api/websocket' because it violates the following Content Security Policy directive: "default-src https: data: 'unsafe-inline' 'unsafe-eval'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
after pressing Retry on the page or simply F5’ing again, home assistant is reachable and working as it should.
has anyone ever encountered this issue? Here is my nginx config:
map $http_upgrade $connection_upgrade {
default Upgrade;
'' close;
}
server {
listen 80;
listen [::]:80;
server_name myurl.com;
location / {
return 301 https://myurl.com$request_uri;
}
}
server {
#listen 80;
#listen [::]80;
server_name myurl.com;
access_log /var/log/nginx/myurl.com.log;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
# Things for better security
ssl_session_cache shared:SSL:10m;
proxy_buffering off;
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
# include letsencrypt endpoints to bypass proxy and be able to autoupdate:
include snippets/letsencrypt.conf;
# add some CSRF headers:
# include snippets/policy_headers.conf;
location / {
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http:// https://;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-XSS-Protection "1; mode=block";
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_set_header X-Robots-Tag none;
# add_header Content-Security-Policy "default-src 'self';";
proxy_pass http://10.10.40.37:8123/;
}
location /api/websocket {
proxy_pass http://10.10.40.37:8123/api/websocket;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
Thanks in advance!