Refused to load spa-manifest.json
Steps to reproduce
Load the funkwhale starting page in a browser and look at the browser console log.
The browser fails to load
spa-manifest.json because, even though Funkwhale is configured to use
https, it tries to get the json file via
The related log output (domain is replaced with example.com) is:
library:1 Refused to load manifest from 'http://funkwhale.example.com/api/v1/instance/spa-manifest.json' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'manifest-src' was not explicitly set, so 'default-src' is used as a fallback. Mixed Content: The page at 'https://funkwhale.example.com/serviceWorker.js' was loaded over HTTPS, but requested an insecure resource 'http://funkwhale.example.com/api/v1/instance/spa-manifest.json'. This request has been blocked; the content must be served over HTTPS. serviceWorker.js:1 Uncaught (in promise) TypeError: Failed to fetch at ce.fetch (serviceWorker.js:1:3904) at p._handleInstall (serviceWorker.js:1:8431) at p._handle (serviceWorker.js:1:7902) at async p._getResponse (serviceWorker.js:1:6959) fetch @ serviceWorker.js:1 _handleInstall @ serviceWorker.js:1 _handle @ serviceWorker.js:1
What is expected?
Funkwhale version(s) affected: 1.3.0
MS Edge Version 114.0.1823.37 (Official build) (64-bit) Instance run on Docker.