I'm sorry if I'm exaggerating the questions here, but I'm currently trying out a few things.
I'm trying to serve the console with browZer.
I've set it up using Let's Encrypt certificates and the Docker image from Package ziti-browzer-bootstrapper · GitHub, which is 0.63.4.
Identity provider is Microsoft Entra ID.
It seems to be working in general, as another site is being served (even if this error occurs here).
I've then set up a second vhost for the console, same idp_client_id.
Authentication with the identity provider succeeds.
But I then run into the following error:
BrowZer Runtime code: 1017
Cannot Reach Ziti Controller [https://ctrl.ziti.xyz.de:1280/edge/client/v1]
If I type the URL in the browser, the page is served perfectly fine.
I see the following error in the browser console:
ziti-browzer-runtime-856546f8.js:169341 Refused to connect to 'https://ctrl.ziti.xyz.de:1280/edge/client/v1/version' because it violates the following Content Security Policy directive: "connect-src 'self' www.googletagmanager.com www.google-analytics.com openstreetmap.org ws: wss: https://login.microsoftonline.com/d313f676-90ff-4c91-a3b0-0507183e0b00/v2.0 https://*.netfoundry.io:* https://*.cloudziti.io wss://*.netfoundry.io:* data:".
ziti-browzer-runtime-856546f8.js:169341 Refused to connect to 'https://ctrl.ziti.xyz.de:1280/edge/client/v1/version' because it violates the document's Content Security Policy.
ziti-browzer-runtime-856546f8.js:169341 Refused to connect to 'https://ctrl.ziti.xyz.de:1280/edge/client/v1/authenticate?method=ext-jwt' because it violates the following Content Security Policy directive: "connect-src 'self' www.googletagmanager.com www.google-analytics.com openstreetmap.org ws: wss: https://login.microsoftonline.com/d313f676-90ff-4c91-a3b0-0507183e0b00/v2.0 https://*.netfoundry.io:* https://*.cloudziti.io wss://*.netfoundry.io:* data:".
ziti-browzer-runtime-856546f8.js:169341 Refused to connect to 'https://ctrl.ziti.xyz.de:1280/edge/client/v1/authenticate?method=ext-jwt' because it violates the document's Content Security Policy.
BrowZer log
root@ad-ztna01:~# docker logs -f -n0 ziti-browser-ziti-http-agent-1
{"error":"Cannot Reach Ziti Controller [https://ctrl.ziti.xyz.de:1280/edge/client/v1]","error_code":1017,"level":"error","message":"Possible configuration | certificates issue exists.","timestamp":"2024-08-06T13:51:24.136Z","version":"0.63.4"}
Router log
Aug 06 13:52:43 ad-ztna01 ziti[113426]: {"circuitCount":7,"file":"github.com/openziti/ziti/controller/handler_ctrl/circuit_confirmation.go:47","func":"github.com/openziti/ziti/controller/handler_ctrl.(*circuitConfirmationHandler).HandleReceive","level":"info","msg":"received circuit confirmation request","routerId":"pHbNlOUrfj","time":"2024-08-06T13:52:43.155Z"}
It looks to me like the browser is blocking something because of some content policy.
Any idea?
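
The refusal logged above comes down to how the browser compares the request URL with each entry of `connect-src`. As an added example (not part of the original post and not OpenZiti code), this simplified matcher evaluates the directive from the console output against the blocked URL; `PAGE_ORIGIN` is a placeholder assumption, and scheme handling is reduced to exact comparison rather than the full CSP3 rules.

```javascript
// Added example: simplified CSP source-list matching, not a full CSP3 implementation.
// Directive and blocked URL copied from the console error above.
const DIRECTIVE = "connect-src 'self' www.googletagmanager.com www.google-analytics.com openstreetmap.org ws: wss: https://login.microsoftonline.com/d313f676-90ff-4c91-a3b0-0507183e0b00/v2.0 https://*.netfoundry.io:* https://*.cloudziti.io wss://*.netfoundry.io:* data:";
const BLOCKED = "https://ctrl.ziti.xyz.de:1280/edge/client/v1/version";
// Assumption: placeholder origin of the page that carries the policy (not given in the post).
const PAGE_ORIGIN = "https://console.example.test";
const DEFAULT_PORT = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Does one source expression allow `url` for a page served from `self`?
function matchesSource(expr, url, self) {
  if (expr === "'self'") return url.origin === self.origin;
  // scheme-source such as "wss:" or "data:", compared by exact scheme (simplification)
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return url.protocol === expr.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:*]+)(?::(\*|\d+))?(\/.*)?$/i.exec(expr);
  if (!m) return false; // keywords and forms this sketch does not model
  const [, scheme, wildcard, host, port, path] = m;
  // a host-source without a scheme inherits the page's scheme
  if (url.protocol !== (scheme ? scheme.toLowerCase() + ":" : self.protocol)) return false;
  const want = host.toLowerCase();
  // "*.example.org" covers subdomains only, never the bare domain
  if (wildcard ? !url.hostname.endsWith("." + want) : url.hostname !== want) return false;
  // no port in the expression means the scheme's default port; ":*" means any port
  const urlPort = url.port || DEFAULT_PORT[url.protocol];
  if (port !== "*" && urlPort !== (port || DEFAULT_PORT[url.protocol])) return false;
  if (!path || path === "/") return true;
  return path.endsWith("/") ? url.pathname.startsWith(path) : url.pathname === path;
}

// Return the source expressions of `directive` that allow `target` (empty array = blocked).
function allowedBy(directive, target, pageOrigin = PAGE_ORIGIN) {
  const [, ...sources] = directive.trim().split(/\s+/);
  const url = new URL(target), self = new URL(pageOrigin);
  return sources.filter((s) => matchesSource(s, url, self));
}

console.log(allowedBy(DIRECTIVE, BLOCKED));                                   // []
// Constructed directives: the port has to be part of the source expression.
console.log(allowedBy("connect-src https://ctrl.ziti.xyz.de", BLOCKED));      // []
console.log(allowedBy("connect-src https://ctrl.ziti.xyz.de:1280", BLOCKED)); // [ 'https://ctrl.ziti.xyz.de:1280' ]
```

None of the listed sources covers host `ctrl.ziti.xyz.de` on port 1280, which is why the same URL loads when typed into the address bar but is refused when the page's script requests it.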