Prevent direct connection to docker draw.io instance

[Luticus]

I have a configuration like the one in this image. I'm trying to use my own draw.io instance in a docker container. What I want to know is how to prevent people from bypassing the Nextcloud instance and going straight to the draw.io location? Are there any thoughts on how to achieve that? As it is now, any random internet user can use the docker draw.io without logging in via Nextcloud which isn't desirable.

[Luticus]

One thing I have tried is setting up apache url authentication and putting https://user:[email protected] in the Draw.io URL box, but unfortunately when I try to pass the creds that way I get a content security policy error. If I just log into the draw.io instance directly via the draw.example.com url, without directly passing creds, let it prompt me, and manually enter the credentials, then everything works. That's obviously not desirable though as I don't want to bother users with yet another credential to enter, so it would be best if i could pass the credential automatically in the url.