When trying to setup connection to account, "Login" button is greyed out, won't work

[Quix0r]

⚠️ Before posting ⚠️

• This is a bug, not a question or an enhancement.
• I've searched for similar issues and didn't find a duplicate.
• I've written a clear and descriptive title for this issue, not just "Bug" or "Crash".
• I agree to follow Nextcloud's Code of Conduct.

Steps to reproduce

1. Install app
2. Launch it
3. Enter your server's correct address, e.g. https://cloud.example
4. hit arrow to continue
5. "Login" is greyed out with both Chrome and and default "Samsung Internet"
6. Go back to Nextcloud app, hit "cancel" and try again
7. The browser won't open again?!

Expected behaviour

The "Login" button should be working by tabbing on it.

Actual behaviour

The "login" button is greyed out and tabbing on it won't work.

Android version

8.0.0

Device brand and model

Samsung Galaxy S7

Stock or custom OS?

Stock

Nextcloud android app version

3.30.5

Nextcloud server version

30.0.4

Using a reverse proxy?

No

Android logs

No response

Server error logs

Additional information

Uploading screenshot fails here, so here are the screenshots now: https://cloud.mxchange.org/index.php/s/public?path=%2FNextcloud%2F202501

[tobiasKaminsky]

Can you post a screenshot?
As this is served via server, I think it is better handled in server repo.

[Quix0r]

Sorry, I cannot upload here. It fails during upload. You can see them when click the above link.

[joshtrichards]

Typically when I've seen this it's one of:

• mixed HTTP/HTTPS content being served (i.e. config matter: check overwrite* values and reverse proxy config)
• network connectivity performance (button eventually will toggle on after assets load)
• debug mode being on (assets won't be served in an optimized manner)
• Cloudflare/mod_security settings

Please also check Admin settings->Overview for any errors or warnings.

[Quix0r]

First, thank you for all the good general tips, I check them later.

Well, I was able to login at the same cloud with my much older Samsung Tab S2 and "FOSS Browser" while my wife has this issue (this here is her device) with Chrome browser. So I would more suspect it at her device's end. But still we cannot find any badly configured there.

[Quix0r]

To your asked checks:

• There is no possibility that I have mixed content. I have a redirect from 80 to 443 except acme-challenge which is required for Let's Encrypt.
• Network performance might be an issue in her country but she managed it before and without my assistance.
• There is no line debug in my configuration file, so I assume it disabled. Or should I better explicitly disable it?
• mod_security is in detection-only mode. So no blocking here.

My redirect:

<IfModule mod_alias.c>
<VirtualHost cloud.mxchange.org:80>
ServerName cloud.mxchange.org
ServerAlias cloud.mxchange.org
RedirectMatch permanent ^(?!/.well-known/acme-challenge/).* https://cloud.mxchange.org/
</VirtualHost>
</IfModule>

Hmm, is Chrome strict in checking CSP lines? Here are mine:

    <IfModule mod_headers.c>
        Header always set X-Robots-Tag: "noindex, nofollow"
        Header always set X-Content-Type-Options "nosniff"
        Header always set X-Frame-Options "sameorigin"
        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
        Header always set Referrer-Policy: no-referrer
        Header always set Content-Security-Policy: "default-src 'self' 'unsafe-inline'; img-src https://* 'data'; child-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests;"
    </IfModule>

Or is that to strict? It is just the "Login" button that remains disabled for whatever reason I cannot find. She also tried the default "Samsung Internet" but I suspect it to be broken in running compliant CSS/JS.

[joshtrichards]

Header always set Content-Security-Policy: "default-src 'self' 'unsafe-inline'; img-src https://* 'data'; child-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests;"

Setting Content-Security-Policy statically is not a supported configuration. Nextcloud Server handles CSP internally, adjusting it as needed per transaction. There's also syntax error in your img-src which prevents inline resources from loading (e.g. it's probably why the arrow icon is missing from your login button in the screenshot).

These may be related to your current problem. It's certainly within the realm of possibility they're related.

It is just the "Login" button that remains disabled for whatever reason I cannot find.

The Log in button stays disabled until the document is fully loaded and the event listener is added.

[Quix0r]

@joshtrichards Thank you for your reply. So you recommend to remove the CSR lines? Still I wonder why my older Samsung Tab S2 went through and her newer Galaxy S7 did not. But I remove it now. It seem to be a JavaScript problem then (she cannot debug it herself). After that I report back if it is solved.