Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enabled OCS Share API CORS #1

Closed
Silbad opened this issue Feb 14, 2021 · 10 comments
Closed

Enabled OCS Share API CORS #1

Silbad opened this issue Feb 14, 2021 · 10 comments
Labels
enhancement New feature or request help wanted Extra attention is needed
Milestone

Comments

@Silbad
Copy link

Silbad commented Feb 14, 2021

Hello,
Can you add the possibility to enabled CORS pour OCS Share API (https://docs.nextcloud.com/server/latest/developer_manual/client_apis/OCS/ocs-share-api.html) ? Webdav don't support sharing links...
Thanks ^^

@pbek pbek added the enhancement New feature or request label Feb 14, 2021
@pbek
Copy link
Member

pbek commented Feb 14, 2021

Thank you for your suggestion.
First someone would need to find out what CORS headers are supposed to be set and that headers shouldn't be on by default. So there would need to be more configuration options on the admin page.

@pbek pbek added the help wanted Extra attention is needed label Feb 14, 2021
@vialcollet
Copy link

Hi
This would be really nice to have this feature.
I am creating an obisdian plugin to share notes but I am blocked by this CORS issue.

@aleixq
Copy link
Contributor

aleixq commented Apr 11, 2023

I am looking too at how this could be solved...

Adding the annotation @CORS createShare method in ShareAPIController.php of files_sharing app , and adding the route in appinfo/routes.php:

[                                       
'name' => 'ShareAPI#preflighted_cors',
'url' => '/api/v1/shares',
'verb' => 'OPTIONS',
],

allows the sharing api to be used from an external url to create a share (not a surprise as it's said in https://docs.nextcloud.com/server/22/developer_manual/digging_deeper/rest_apis.html#rest-apis ).

Altering the core files_sharing app isn't the way to go, but I cannot find any event to listen and react, to adapt the response to OPTIONS and POST method request to /api/v1/shares files_share route. This would help when using the api in a dedicated app ...

Something like https://symfony.com/doc/current/reference/events.html#kernel-response would be great But using symfony events is discouraged

I'll keep looking.

@aleixq
Copy link
Contributor

aleixq commented Apr 13, 2023

I end up extending the files_sharing shareapi controller in a new app https://gitlab.com/communia/files_sharing_webapppassword to add a check origin applied to the original response. Maybe this could be added to webapppassword app or remain as separated app.

Also, maybe this could be proposed in nextcloud/server repo (as was asked in nextcloud/server#3131) :
Add a middleware as @CORS is doing, or modifying the existing @CORS behavior to allow in https://github.com/nextcloud/server/blob/master/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php#L116 to use a similar logic as I am using in the checkOrigin trait (https://gitlab.com/communia/files_sharing_webapppassword/-/blob/main/lib/Controller/AccessControl.php#L25 ) .

@pbek
Copy link
Member

pbek commented Apr 17, 2023

Nice. If you want to integrate it into webapppassword, I can review the pull request.

@pbek
Copy link
Member

pbek commented Apr 19, 2023

23.4.0

  • A files sharing API with origin check was added
    (for #1, thank you @aleixq)

@pbek pbek added this to the 23.4.0 milestone Apr 19, 2023
pbek added a commit that referenced this issue Apr 19, 2023
@pbek
Copy link
Member

pbek commented Apr 19, 2023

There now is a new release, could you please test it and report if it works for you?

@pbek
Copy link
Member

pbek commented Apr 19, 2023

I released it on https://apps.nextcloud.com/apps/webapppassword as well.

pbek added a commit that referenced this issue Apr 19, 2023
pbek added a commit that referenced this issue Apr 19, 2023
This was referenced Apr 19, 2023
pbek added a commit that referenced this issue Apr 20, 2023
@aleixq
Copy link
Contributor

aleixq commented Apr 24, 2023

Just adding that a draft PR is being proposed in: nextcloud/server#37896 and in related issue.

@pbek
Copy link
Member

pbek commented Apr 24, 2023

Great, I'll close this then.

@pbek pbek closed this as completed Apr 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Development

No branches or pull requests

4 participants