How to fix Nextcloud OnlyOffice mixed content or "Refused to frame 'http://…' because it violates the following Content Security Policy directive: "frame-src https://…"."

Problem:

In reverse-proxy setups that forward requests to OnlyOffice, like our reference setup, you might encounter errors like

Refused to frame 'http://onlyoffice.mydomain.com/' because it violates the following Content Security Policy directive: "frame-src https://onlyoffice.mydomain.com/".

Solution:

Just add

proxy_set_header X-Forwarded-Proto $scheme;

directly after your proxy_pass clause in your nginx config, then run sudo service nginx reload.

The reason for this issue is that OnlyOffice thinks it’s being loaded using HTTP, but the Nextcloud page prevents insecure content from being loaded.
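To check an existing nginx config for this, the following sketch (an added example, not part of the original post) lists every block that uses proxy_pass without an effective X-Forwarded-Proto header. It accounts for nginx's inheritance rule: a block that defines any proxy_set_header of its own no longer inherits the ones set at the enclosing level. The sample config, the function names and the simplified parser are assumptions made for illustration.

```python
import re

# Constructed sample config (not from the original post).
SAMPLE = """
server {
    listen 443 ssl;
    proxy_set_header X-Forwarded-Proto $scheme;   # server-level default
    location /inherits/ {
        proxy_pass http://127.0.0.1:8080;
    }
    location /overrides/ {
        proxy_set_header Host $host;               # drops inherited headers
        proxy_pass http://127.0.0.1:8080;
    }
    location /fixed/ {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
"""

def parse(conf):
    """Build a block tree. Simplified: no quoted strings, ${var} or includes."""
    root = {"name": "main", "headers": [], "proxies": False, "children": []}
    stack, text = [root], ""
    for tok in re.findall(r"[^;{}]+|[;{}]", re.sub(r"#.*", "", conf)):
        if tok not in (";", "{", "}"):
            text = tok                      # directive or block header text
            continue
        words = text.split()
        if tok == "{":
            node = {"name": " ".join(words), "headers": [],
                    "proxies": False, "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif tok == "}":
            stack.pop()
        elif words[:1] == ["proxy_set_header"] and len(words) > 1:
            stack[-1]["headers"].append(words[1].lower())
        elif words[:1] == ["proxy_pass"]:
            stack[-1]["proxies"] = True
        text = ""
    return root

def missing_proto(node, inherited=()):
    """Names of proxying blocks whose effective headers lack X-Forwarded-Proto."""
    effective = node["headers"] or inherited   # own headers replace inherited
    bad = [node["name"]] if node["proxies"] and "x-forwarded-proto" not in effective else []
    for child in node["children"]:
        bad += missing_proto(child, effective)
    return bad

if __name__ == "__main__":
    print(missing_proto(parse(SAMPLE)))
```

A flagged block needs its own proxy_set_header X-Forwarded-Proto $scheme; line next to its proxy_pass, even when the server block already sets one.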

Using a proxy other than nginx? Just ensure that every proxied request (i.e. every request directed towards the OnlyOffice instance) has the X-Forwarded-Proto header set to the protocol of the original request – which should be https.