Hi,
I have roundcube oauth configured to authenticate against keycloak. The button appears on the login screen, I can log in with keycloak, but then it redirects back to roundcube and roundcube shows the login page without any js or css applied. Tracing it with web developer tools makes the issue obvious why there is no js or css: on redirect it tries to load the js and css from the wrong path; /index.php/login/skins/elastic/deps/bootstrap.min.css?s=1688210993 instead of /skins/elastic/deps/bootstrap.min.css?s=1688210993
The log shows that whatever the browser returns is rejected as the mime type doesn't match due to the X-Content-Type-Options setting of nosniff. This is of course expected, even if the index.php would return valid js or css code.
How can I get this to work (without losing the nosniff setting)?
The full web developer tools console log:
Storage access automatically granted for First-Party isolation “https://keycloak.domain.tld” on “https://roundcube.domain.tld”.
The resource from “https://roundcube.domain.tld/index.php/login/skins/elastic/deps/bootstrap.min.css?s=1688210993” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
The resource from “https://roundcube.domain.tld/index.php/login/skins/elastic/styles/styles.min.css?s=1688210976” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
The resource from “https://roundcube.domain.tld/index.php/login/plugins/libkolab/skins/elastic/libkolab.min.css?s=1693517410” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
The resource from “https://roundcube.domain.tld/index.php/login/plugins/tls_icon/tls_icon.css?s=1678132961” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
The resource from “https://roundcube.domain.tld/index.php/login/plugins/jqueryui/themes/elastic/jquery-ui.min.css?s=1688210976” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
The resource from “https://roundcube.domain.tld/index.php/login/program/js/jquery.min.js?s=1688210980” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
Loading failed for the <script> with source “https://roundcube.domain.tld/index.php/login/program/js/jquery.min.js?s=1688210980”.
The resource from “https://roundcube.domain.tld/index.php/login/program/js/common.min.js?s=1688210976” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
Loading failed for the <script> with source “https://roundcube.domain.tld/index.php/login/program/js/common.min.js?s=1688210976”.
The resource from “https://roundcube.domain.tld/index.php/login/program/js/app.min.js?s=1688210976” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
Loading failed for the <script> with source “https://roundcube.domain.tld/index.php/login/program/js/app.min.js?s=1688210976”.
The resource from “https://roundcube.domain.tld/index.php/login/program/js/jstz.min.js?s=1688210980” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
Loading failed for the <script> with source “https://roundcube.domain.tld/index.php/login/program/js/jstz.min.js?s=1688210980”. oauth:25:535
Uncaught ReferenceError: rcube_webmail is not defined
<anonymous> https://roundcube.domain.tld/index.php/login/oauth?state=h3DuZfPs5LP5&session_state=bc11bc83-d99d-4acf-8ad9-2f63b96cb09c&code=1db87f15-ea02-45f4-b90b-fc4c95665d20.bc11bc83-d99d-4acf-8ad9-2f63b96cb09c.8c63d35c-d892-4e4a-a02c-21c7506b6176:44
The resource from “https://roundcube.domain.tld/index.php/login/plugins/jqueryui/js/jquery-ui.min.js?s=1688210976” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
Loading failed for the <script> with source “https://roundcube.domain.tld/index.php/login/plugins/jqueryui/js/jquery-ui.min.js?s=1688210976”.
The resource from “https://roundcube.domain.tld/index.php/login/plugins/libcalendaring/libcalendaring.js?s=1642162726” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
The resource from “https://roundcube.domain.tld/index.php/login/plugins/jqueryui/js/i18n/datepicker-de.js?s=1688210976” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
Loading failed for the <script> with source “https://roundcube.domain.tld/index.php/login/plugins/jqueryui/js/i18n/datepicker-de.js?s=1688210976”.
Bye,
Alexander.
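
Why the assets end up under /index.php/login/ and are then refused, as an added example that is not part of the original post or of Roundcube's code. It assumes the login page references its assets with relative URLs, and it models the server with a constructed stub (`fakeServer`) that answers `text/html` for anything under `/index.php/`, as the console log reports; all function names are hypothetical.

```javascript
// Constructed page URLs: the normal login page and the OAuth callback from the log
// (state and code replaced by placeholders).
const PLAIN = "https://roundcube.domain.tld/";
const CALLBACK = "https://roundcube.domain.tld/index.php/login/oauth?state=EXAMPLE&code=EXAMPLE";

// Resolve a relative reference against the page URL, as the browser does.
function resolveAsset(ref, pageUrl) {
  return new URL(ref, pageUrl).href;
}

// Subset of the JavaScript MIME types the Fetch standard accepts for scripts.
const JS_TYPES = new Set(["text/javascript", "application/javascript",
  "application/x-javascript", "application/ecmascript", "text/ecmascript"]);

// Fetch standard nosniff rule: scripts need a JavaScript MIME type,
// stylesheets need text/css; anything else is blocked.
function blockedByNosniff(destination, headers) {
  const xcto = (headers["x-content-type-options"] || "").split(",")[0].trim().toLowerCase();
  if (xcto !== "nosniff") return false;
  const essence = (headers["content-type"] || "").split(";")[0].trim().toLowerCase();
  if (destination === "script") return !JS_TYPES.has(essence);
  if (destination === "style") return essence !== "text/css";
  return false;
}

// Constructed stand-in for the web server (assumption): paths under /index.php/
// are handed to PHP and come back as HTML; other paths are static files.
function fakeServer(url) {
  const path = new URL(url).pathname;
  let type = "text/html; charset=UTF-8";
  if (!path.startsWith("/index.php/")) {
    if (path.endsWith(".css")) type = "text/css";
    else if (path.endsWith(".js")) type = "text/javascript";
  }
  return { "content-type": type, "x-content-type-options": "nosniff" };
}

function diagnose(ref, destination, pageUrl) {
  const url = resolveAsset(ref, pageUrl);
  return { url, blocked: blockedByNosniff(destination, fakeServer(url)) };
}

for (const page of [PLAIN, CALLBACK]) {
  console.log(diagnose("skins/elastic/deps/bootstrap.min.css?s=1688210993", "style", page));
  console.log(diagnose("program/js/jquery.min.js?s=1688210980", "script", page));
}
```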