nextcloud_ynh/patches/01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch

 lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++
 lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php    | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 85ae127f5f..91618a09fc 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -65,6 +65,10 @@ class ContentSecurityPolicyNonceManager {
 	 * @return bool
 	 */
 	public function browserSupportsCspV3() {
+		// YunoHost patch: disable CSPv3 nonces to:
+		// - avoid white page on first login from YunoHost portal
+		// - allow YunoHost tile display
+		return false;
 		$browserWhitelist = [
 			Request::USER_AGENT_CHROME,
 			// Firefox 45+
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index 64d4eb6e5d..59d5885620 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -377,7 +377,8 @@ class EmptyContentSecurityPolicy {
 
 		if(!empty($this->allowedFontDomains)) {
 			$policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);
-			$policy .= ';';
+			// YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script
+			$policy .= ' data:;';
 		}
 
 		if(!empty($this->allowedConnectDomains)) {