Cors issue on self hosted with reverse proxy

Describe the problem/error/question

We using. n8n as self hosted, we implemented a reverse-proxy using a nodejs server.
During development we succeded to use the reveerse proxy serving all api requests. now we are trying to serving also the editor-ui

the proxy service run on


this is the runtime config we set


i see all the static files are served

What is the error message (if any)?

the error is

Uncaught EvalError: Refused to evaluate a string as JavaScript because ‘unsafe-eval’ is not an allowed source of script in the following Content Security Policy directive: “script-src ‘self’ https: ‘unsafe-inline’”.

Please share your workflow

(Select the nodes on your canvas and use the keyboard shortcuts CMD+C/CTRL+C and CMD+V/CTRL+V to copy and paste the workflow.)

Share the output returned by the last node

Information on your n8n setup

  • **n8n version:latest
  • **Database (default: SQLite):postgres
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • **Running n8n via (Docker, npm, n8n cloud, desktop app):npm
  • Operating system:

This error comes from Content Security Policy setup. Since n8n doesn’t have any CSP, I assume your reverse-proxy adding a Content-Security-Policy header.
Can you please check the reverse-proxy config to make sure this header isn’t set?

In an ideal world n8n would implement it’s own CSP, but it’s currently not a priority.


Thanks for the reply, i will validate it again

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.