Refused to load spa-manifest.json
Steps to reproduce
Load the funkwhale starting page in a browser and look at the browser console log.
What happens?
The browser fails to load spa-manifest.json
because, even though Funkwhale is configured to use https
, it tries to get the json file via http
.
The related log output (domain is replaced with example.com) is:
library:1 Refused to load manifest from 'http://funkwhale.example.com/api/v1/instance/spa-manifest.json' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'manifest-src' was not explicitly set, so 'default-src' is used as a fallback.
Mixed Content: The page at 'https://funkwhale.example.com/serviceWorker.js' was loaded over HTTPS, but requested an insecure resource 'http://funkwhale.example.com/api/v1/instance/spa-manifest.json'. This request has been blocked; the content must be served over HTTPS.
serviceWorker.js:1 Uncaught (in promise) TypeError: Failed to fetch
at ce.fetch (serviceWorker.js:1:3904)
at p._handleInstall (serviceWorker.js:1:8431)
at p._handle (serviceWorker.js:1:7902)
at async p._getResponse (serviceWorker.js:1:6959)
fetch @ serviceWorker.js:1
_handleInstall @ serviceWorker.js:1
_handle @ serviceWorker.js:1
What is expected?
Funkwhale loads spa-manifest.json
Context
Funkwhale version(s) affected: 1.3.0
MS Edge Version 114.0.1823.37 (Official build) (64-bit) Instance run on Docker.