System Information
- Strapi Version: 4.14.0
- Operating System: Manjaro & Debian
- Database: Postgres 14
- Node Version: 18 LTS latest
- NPM Version: 10.1.0
Hey everyone and thank you for your help.
I’ve setup Strapi according to this setup in the documentation behind caddy as a reverse proxy. For my prod instance everything works fine, however having “basicauth” enabled on my staging setup, i cannot access the /admin route. I get CORS Errors and the page is in a reload loop.
I sadly have no clue and i couldn’t find any information for that specific issue in the docs or this forum.
Only thing i could found was this issue.
Has anybody any ideas? Would be amazing cause i’m out of knowledge and i want to use basicauth to allow only certain people access to my staging instance.
Errors:
All of those error are only present if basicauth is enabled.
EvalError: call to eval() blocked by CSP
Content-Security-Policy: The page’s settings blocked the loading of a resource at eval (“script-src”).
Source: ;(function r(e,t=!1){const o="6.0";let i… api::post.post
My middleware config:
module.exports = ({ env }) => [
"strapi::errors",
"strapi::security",
"strapi::poweredBy",
{
name: 'strapi::cors',
config: {
headers: '*',
origin: ['http://localhost:1337', env('ALLOWED_ORIGIN')]
}
},
"strapi::logger",
"strapi::query",
"strapi::body",
"strapi::session",
"strapi::favicon",
"strapi::public",
];
My Caddy config:
staging.example.com {
encode zstd gzip
reverse_proxy staging_frontend:3000
route /backend* {
uri strip_prefix /backend
reverse_proxy staging_strapi:1337
}
header {
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
Referrer-Policy no-referrer-when-downgrade
header_up Host {host}
header_up Upgrade {http_upgrade}
header_up Connection {http_upgrade}
}
basicauth {
username password
}
}