Integrate files_sharing_webapppassword #61
Conversation
README.md
Outdated
|
|
||
| The setting is both used for the origin of the CORS headers for the WebDAV/CalDAV requests and | ||
| for the referrer check whether we want to generate a temporary app password. | ||
|
|
||
| Alos you can configure in the same way the files sharing part. | ||
|
|
||
| `'files_sharing_webapppassword.origins' => ['https://example.com'],` - array of allowed files sharing api origins |
There was a problem hiding this comment.
This setting would belong to a different app...
Shouldn't that be something like: |
| 'url' => '/api/v1/shares/{id}', | ||
| 'verb' => 'DELETE', | ||
| ] | ||
|
|
There was a problem hiding this comment.
Aren't those Nextcloud routes? Why do they need to be included in webapppassword?
There was a problem hiding this comment.
In fact it is reimplementing the files_sharing api in webapppassword namespace to be able to apply the filtering of origins.
There was a problem hiding this comment.
Ok, I see. This really should belong into Nextcloud core. 😅
Can you please mention that there are new sharing endpoints on the settings, like you did in the README.
There was a problem hiding this comment.
Added, and restructured the settings to sections. It may include the copy url button and the real base url but this may add noise to this MR. maybe in next merge requests...
README.md
Outdated
|
|
||
| The setting is both used for the origin of the CORS headers for the WebDAV/CalDAV requests and | ||
| for the referrer check whether we want to generate a temporary app password. | ||
|
|
||
| Alos you can configure in the same way the files sharing part. |
|
Looking good, thank you! |
|
@aleixq @pbek hi i added my domain to ui parts as setting for sharing api not worked i get cors error also i tried another way add like define 'files_sharing_webapppassword.origins' => ['http://localhost:8080'] but i still get cors error . its working for webdav apis . i read your discussions about your app instead webapppassword but it is not yet released as you know. is there any reason for not working with only share apis? |
replied in issue |
As discussed in #1 , although this feature will be better to be in nextcloud core (proposed in nextcloud/server#37716 ) This MR integrates https://gitlab.com/communia/files_sharing_webapppassword to allow to access to Share API to a list of allowed origins. It has a separated setting both in system config and app config than webdav endpoint so origins could be different.
For app config it must be defined in
settings/admin/webapppasswordFor system config it must be defined in
files_sharing_webapppassword.originsNo automatic tests are made.