Cors issue on self hosted with reverse proxy

mtubul · January 18, 2024, 12:46pm

Describe the problem/error/question

We using. n8n as self hosted, we implemented a reverse-proxy using a nodejs server.
During development we succeded to use the reveerse proxy serving all api requests. now we are trying to serving also the editor-ui

the proxy service run on

localhost:3033/proxy

this is the runtime config we set

N8N_EDITOR_BASE_URL=http://localhost:3033/proxy;
N8N_HOST=localhost;
N8N_PATH=/proxy/;
N8N_PROTOCOL=http;
VUE_APP_URL_BASE_API=http://localhost:3033/proxy/;
WEBHOOK_URL=http://localhost:3033/proxy

i see all the static files are served

What is the error message (if any)?

the error is

Uncaught EvalError: Refused to evaluate a string as JavaScript because ‘unsafe-eval’ is not an allowed source of script in the following Content Security Policy directive: “script-src ‘self’ https: ‘unsafe-inline’”.

Please share your workflow

(Select the nodes on your canvas and use the keyboard shortcuts CMD+C/CTRL+C and CMD+V/CTRL+V to copy and paste the workflow.)

Share the output returned by the last node

Information on your n8n setup

**n8n version:latest
**Database (default: SQLite):postgres
n8n EXECUTIONS_PROCESS setting (default: own, main):
**Running n8n via (Docker, npm, n8n cloud, desktop app):npm
Operating system:

netroy · January 18, 2024, 4:33pm

This error comes from Content Security Policy setup. Since n8n doesn’t have any CSP, I assume your reverse-proxy adding a Content-Security-Policy header.
Can you please check the reverse-proxy config to make sure this header isn’t set?

In an ideal world n8n would implement it’s own CSP, but it’s currently not a priority.

mtubul · January 19, 2024, 10:18am

Thanks for the reply, i will validate it again

system · February 29, 2024, 8:17am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.