Rugia
December 16, 2025, 9:05am
1
Hi everyone,
After upgrading my self-hosted n8n instance (1.123.6 or 2.1.0), workflows with forms are getting stuck on the first page (doesn’t proceed to next page). The browser console shows:
Access to fetch at ‘…/form-waiting/…/n8n-execution-status’from origin ‘null’ has been blocked by CORS policy
Root cause? packages/nodes-base/nodes/Form/utils/utils.ts where getWebhookSandboxCSP() is called. The generated CSP includes sandbox but is missing allow-same-origin, causing the browser to treat the page as origin: null and block the polling requests.
Workaround:
proxy_hide_header Content-Security-Policy;
add_header Content-Security-Policy “sandbox allow-downloads allow-forms allow-modals allow-popups allow-scripts allow-same-origin allow-top-navigation-by-user-activation”;
Is this intentional, or should getWebhookSandboxCSP() include allow-same-origin for form pages?
Thanks!
3 Likes
m0k3y
December 16, 2025, 3:56pm
2
Hello, recently I made a thread on GitHub.
opened 07:09AM - 16 Dec 25 UTC
triage:pending
status:in-linear
### Bug Description
When I click on the next form, an infinite loop appears, an… d it does not proceed to the next form.
before n8n version 2.0, it can load properly.
### To Reproduce
Just make node "On form submission" and make switch node and node "next from page"
<img width="961" height="648" alt="Image" src="https://github.com/user-attachments/assets/16ea24ed-2956-4f68-bf24-24a11f8322da" />
<img width="1339" height="770" alt="Image" src="https://github.com/user-attachments/assets/82a3b99b-57d5-48a1-98d1-3ef640b2a8f5" />
### Expected behavior
Can load to the next form.
### Debug Info
# Debug info
## core
- n8nVersion: 2.1.0
- platform: docker (self-hosted)
- nodeJsVersion: 22.21.1
- nodeEnv: production
- database: sqlite
- executionMode: regular
- concurrency: -1
- license: enterprise (production)
- consumerId: b40e5767-9497-41ce-b2ba-9283c4a530c1
## storage
- success: all
- error: all
- progress: false
- manual: true
- binaryMode: filesystem
## pruning
- enabled: true
- maxAge: 336 hours
- maxCount: 10000 executions
## client
- userAgent: mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/143.0.0.0 safari/537.36
- isTouchDevice: false
Generated at: 2025-12-16T07:08:23.471Z
### Operating System
Windows 11
### n8n Version
2.1.0
### Node.js Version
22.21.1
### Database
SQLite (default)
### Execution mode
main (default)
### Hosting
self hosted
thankyou for confirming it. please help me post a comment to the thread.
1 Like
Rugia:
Hi everyone,
After upgrading my self-hosted n8n instance (1.123.6 or 2.1.0), workflows with forms are getting stuck on the first page (doesn’t proceed to next page). The browser console shows:
Access to fetch at ‘…/form-waiting/…/n8n-execution-status’from origin ‘null’ has been blocked by CORS policy
Root cause? packages/nodes-base/nodes/Form/utils/utils.ts where getWebhookSandboxCSP() is called. The generated CSP includes sandbox but is missing allow-same-origin, causing the browser to treat the page as origin: null and block the polling requests.
Workaround:
proxy_hide_header Content-Security-Policy;
add_header Content-Security-Policy “sandbox allow-downloads allow-forms allow-modals allow-popups allow-scripts allow-same-origin allow-top-navigation-by-user-activation”;
Is this intentional, or should getWebhookSandboxCSP() include allow-same-origin for form pages?
Thanks!
Ok so, , , ,Current CSP breaks Forms by forcing origin:pull.This is almost certainly a bug, not intended behavior.I found out that your Nginx fix is valid and safe.this should be fixed upstream by adding allow-same-origin for Form pages.
2 Likes
system
January 2, 2026, 1:46pm
4
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
