mirror of https://github.com/YunoHost-Apps/nextcloud_ynh.git synced 2024-09-03 19:55:57 +02:00
Commit graph

2 commits

Author SHA1 Message Date
Jimmy Monin
68c2f41da6 Move patches to the right folder (fixes #83) 2018-01-19 21:46:53 +01:00
Jimmy Monin
041a0ee18d Disable CSPv3 nonces and allow YunoHost fonts data
Problems:
- Due to some unknown problem in the interaction between SSOwat and Nextcloud server authentication, CSP nonces are wrong when you log into Nextcloud from the YunoHost portal for the first time (systematically reproduced in a browser private session). The Nextcloud page is hence almost totally blank and you have to refresh the page or click on the Nextcloud logo.
- Due to CSP protection, the YunoHost tile (inline JavaScript) is blocked

Solution:
While it's not a totally satisfying solution, a somewhat acceptable workaround to these two problems is to:
- block CSP v3 features (hence nonces), while still allowing CSP v2 features
- allow for "data:" font sources (needed to load YunoHost tile fonts)

This is done via patching Nextcloud sources:
- `ContentSecurityPolicyNonceManager`: disable the CSPv3 browser compatibility detection (return false in every case)
- `EmptyContentSecurityPolicy`: add the "data:" argument in `font-src` default CSP rule.
2017-08-07 22:00:27 +02:00
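
The following is an added example, not part of the commit or of the Nextcloud or YunoHost code: a small Node.js check that reads a `Content-Security-Policy` header value and reports the two properties this workaround changes, namely whether scripts are gated by a nonce and whether fonts may load from `data:` URIs. The function names and both header strings are constructed for illustration and are not Nextcloud's actual output.

```javascript
// Added example: audit a CSP header value for nonce use and data: fonts.
// Both sample header strings are constructed, not captured from Nextcloud.
const SAMPLE_WITH_NONCE =
  "default-src 'none'; script-src 'nonce-Q09OU1RSVUNURUQ=' 'self'; font-src 'self'";
const SAMPLE_WITHOUT_NONCE =
  "default-src 'none'; script-src 'self'; font-src 'self' data:";

// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Source list governing a fetch directive, falling back to default-src.
// Returns null when neither is present (the resource type is unrestricted).
function effectiveSources(directives, name) {
  return directives.get(name) ?? directives.get('default-src') ?? null;
}

function auditCsp(headerValue) {
  const d = parseCsp(headerValue);
  const script = (effectiveSources(d, 'script-src') || []).map((s) => s.toLowerCase());
  const font = effectiveSources(d, 'font-src');
  return {
    // True when script execution is tied to a per-response nonce.
    scriptNonce: script.some((s) => /^'nonce-[^']+'$/.test(s)),
    // The wildcard * does not cover data:, so only an explicit data: source
    // (or no font policy at all) allows data: fonts.
    fontDataAllowed:
      font === null || font.some((s) => s.toLowerCase() === 'data:'),
  };
}

console.log(auditCsp(SAMPLE_WITH_NONCE));
console.log(auditCsp(SAMPLE_WITHOUT_NONCE));
```

Running this against the header a deployment actually returns, before and after the patch, shows which of the two properties changed.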