From 6377d3adae7cce8bf0d5713b603ccd269064ef5b Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Tue, 18 Oct 2022 10:33:26 +0200
Subject: [PATCH 01/10] chore: set owncloud trusted domains
---
 charts/owncloud/README.md | 3 ++-
 charts/owncloud/templates/deployment.yaml | 2 ++
 charts/owncloud/values.yaml | 3 ++-
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/charts/owncloud/README.md b/charts/owncloud/README.md
index 30fa87e..e28197c 100644
--- a/charts/owncloud/README.md
+++ b/charts/owncloud/README.md
@@ -112,7 +112,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | owncloud.debug | bool | `false` | Place this ownCloud instance into debugging mode (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#place-this-owncloud-instance-into-debugging-mode)). | | owncloud.defaultApp | string | `""` | Define the default app to open on user login (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-default-app-to-open-on-user-login)). | | owncloud.defaultLanguage | string | `"en"` | Define the default language of your ownCloud instance (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-default-language-of-your-owncloud-instance)). | -| owncloud.domain | string | localhost | Base domain used in `{{ .Values.owncloud.overwriteCliUrl }}` by default. | +| owncloud.domain | string | `"owncloud.chart.example"` | Base domain used in `{{ .Values.owncloud.overwriteCliUrl }}` by default. | | owncloud.enableAvatars | string | `""` | Enable or disable avatars or user profile photos (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-avatars-or-user-profile-photos)). | | owncloud.enableCertificateManagement | string | `""` | Allow the configuration of system-wide trusted certificates (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#allow-the-configuration-of-system-wide-trusted-certificates)). 
| | owncloud.enableOidcRewriteUrl | string | `"false"` | Rewrites OpenID Connect wellknown URL `.well-known/openid-configuration` to the ownCloud OIDC configuration endpoint (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#set-up-service-discovery)). | 
@@ -240,6 +240,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | owncloud.tokenAuthEnforced | string | `""` | Enforce token only authentication for apps and clients connecting to ownCloud (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enforce-token-only-authentication-for-apps-and-clients-connecting-to-owncloud)). | | owncloud.trashbin.purgeLimit | string | `""` | Define the trashbin purge limit (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-trashbin-purge-limit)). | | owncloud.trashbin.retentionObligation | string | `""` | Define the trashbin retention obligation (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-trashbin-retention-obligation)). | +| owncloud.trustedDomains | string | `"localhost"` | List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/10.11/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). | | owncloud.trustedProxies | string | `""` | Define list of trusted proxy servers (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-proxy-servers)). | | owncloud.updateChecker | string | `""` | Enable or disable updatechecker (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-updatechecker)). | | owncloud.updaterServerUrl | string | `""` | Define the updatechecker URL (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-updatechecker-url)). | 
diff --git a/charts/owncloud/templates/deployment.yaml b/charts/owncloud/templates/deployment.yaml index 1fa9c48..059537c 100644 --- a/charts/owncloud/templates/deployment.yaml +++ b/charts/owncloud/templates/deployment.yaml @@ -122,6 +122,8 @@ spec: value: {{ .Values.owncloud.defaultLanguage | quote }} - name: OWNCLOUD_DOMAIN value: {{ .Values.owncloud.domain | quote }} + - name: OWNCLOUD_TRUSTED_DOMAINS + value: {{ .Values.owncloud.trustedDomains | quote }} - name: OWNCLOUD_ENABLED_PREVIEW_PROVIDERS value: {{ .Values.owncloud.enabledPreviewProviders | quote }} - name: OWNCLOUD_ENABLE_AVATARS diff --git a/charts/owncloud/values.yaml b/charts/owncloud/values.yaml index c0ff921..8ded097 100644 --- a/charts/owncloud/values.yaml +++ b/charts/owncloud/values.yaml @@ -97,8 +97,9 @@ owncloud: # -- Define the default language of your ownCloud instance (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-default-language-of-your-owncloud-instance)). defaultLanguage: "en" # -- Base domain used in `{{ .Values.owncloud.overwriteCliUrl }}` by default. - # @default -- localhost domain: "owncloud.chart.example" + # -- List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/10.11/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). + trustedDomains: "localhost" # -- Define preview providers (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-preview-providers)). enabledPreviewProviders: "" # -- Enable or disable avatars or user profile photos (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-avatars-or-user-profile-photos)). From b10239afd999e500f4c63bc1d41ca9de7502a326 Mon Sep 17 00:00:00 2001 
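Review bot: The new `trustedDomains: "localhost"` default in the values.yaml hunk does not cover the `domain: "owncloud.chart.example"` default directly above it, and the comment calls the value a list without saying how several domains fit into one string. If ownCloud enforces the list as the linked documentation describes, an operator who overrides only `owncloud.domain` would presumably end up with an instance whose own host name is not trusted. I would state the format and the dependency in the comment, e.g. `# -- Comma-separated list of trusted domains to prevent host header poisoning; must include the host set in owncloud.domain (see [documentation](…)).`, the comma form being the one later patches in this series use. The same wording fits the README row added by this patch; the `owncloud:` mapping starts and ends outside the hunk.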
From: Robert Kaussow
Date: Tue, 18 Oct 2022 12:34:51 +0200
Subject: [PATCH 02/10] fix docs link
---
 charts/owncloud/README.md | 2 +-
 charts/owncloud/values.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/owncloud/README.md b/charts/owncloud/README.md
index e28197c..2c51905 100644
--- a/charts/owncloud/README.md
+++ b/charts/owncloud/README.md
@@ -240,7 +240,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | owncloud.tokenAuthEnforced | string | `""` | Enforce token only authentication for apps and clients connecting to ownCloud (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enforce-token-only-authentication-for-apps-and-clients-connecting-to-owncloud)). | | owncloud.trashbin.purgeLimit | string | `""` | Define the trashbin purge limit (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-trashbin-purge-limit)). | | owncloud.trashbin.retentionObligation | string | `""` | Define the trashbin retention obligation (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-trashbin-retention-obligation)). | -| owncloud.trustedDomains | string | `"localhost"` | List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/10.11/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). | +| owncloud.trustedDomains | string | `"localhost"` | List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). | | owncloud.trustedProxies | string | `""` | Define list of trusted proxy servers (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-proxy-servers)). 
| | owncloud.updateChecker | string | `""` | Enable or disable updatechecker (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-updatechecker)). | | owncloud.updaterServerUrl | string | `""` | Define the updatechecker URL (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-updatechecker-url)). | diff --git a/charts/owncloud/values.yaml b/charts/owncloud/values.yaml index 8ded097..cb999ed 100644 --- a/charts/owncloud/values.yaml +++ b/charts/owncloud/values.yaml @@ -98,7 +98,7 @@ owncloud: defaultLanguage: "en" # -- Base domain used in `{{ .Values.owncloud.overwriteCliUrl }}` by default. domain: "owncloud.chart.example" - # -- List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/10.11/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). + # -- List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). trustedDomains: "localhost" # -- Define preview providers (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-preview-providers)). enabledPreviewProviders: "" From ef658af95214aab71dbf79569ab435ffecc7f18a Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Tue, 25 Oct 2022 10:51:08 +0200 Subject: [PATCH 03/10] add helper template to construct trustedDomains list --- charts/owncloud/README.md | 2 +- charts/owncloud/templates/_helpers.tpl | 14 ++++++++++++++ charts/owncloud/templates/deployment.yaml | 2 +- charts/owncloud/values.yaml | 5 +++-- 4 files changed, 19 insertions(+), 4 deletions(-) 
diff --git a/charts/owncloud/README.md b/charts/owncloud/README.md
index 2c51905..28298f6 100644
--- a/charts/owncloud/README.md
+++ b/charts/owncloud/README.md
@@ -240,7 +240,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | owncloud.tokenAuthEnforced | string | `""` | Enforce token only authentication for apps and clients connecting to ownCloud (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enforce-token-only-authentication-for-apps-and-clients-connecting-to-owncloud)). | | owncloud.trashbin.purgeLimit | string | `""` | Define the trashbin purge limit (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-trashbin-purge-limit)). | | owncloud.trashbin.retentionObligation | string | `""` | Define the trashbin retention obligation (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-trashbin-retention-obligation)). | -| owncloud.trustedDomains | string | `"localhost"` | List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). | +| owncloud.trustedDomains | list | `["localhost"]` | List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). The value from `{{ .Values.owncloud.overwriteCliUrl }}` is added to the list automatically. | | owncloud.trustedProxies | string | `""` | Define list of trusted proxy servers (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-proxy-servers)). 
| | owncloud.updateChecker | string | `""` | Enable or disable updatechecker (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-updatechecker)). | | owncloud.updaterServerUrl | string | `""` | Define the updatechecker URL (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-updatechecker-url)). | diff --git a/charts/owncloud/templates/_helpers.tpl b/charts/owncloud/templates/_helpers.tpl index 7249ef2..d71e424 100644 --- a/charts/owncloud/templates/_helpers.tpl +++ b/charts/owncloud/templates/_helpers.tpl @@ -30,6 +30,20 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} +{{/* +ownCloud trusted domains list. +*/}} +{{- define "owncloud.trustedDomains" -}} +{{- $domains := list -}} +{{- with .Values.owncloud.domain -}} +{{- $domains = append $domains . -}} +{{- end -}} +{{- with .Values.owncloud.trustedDomains -}} +{{- $domains = concat $domains . -}} +{{- end -}} +{{- $domains | join "," }} +{{- end }} + {{/* Common labels */}} diff --git a/charts/owncloud/templates/deployment.yaml b/charts/owncloud/templates/deployment.yaml index 059537c..c2098ab 100644 --- a/charts/owncloud/templates/deployment.yaml +++ b/charts/owncloud/templates/deployment.yaml @@ -123,7 +123,7 @@ spec: - name: OWNCLOUD_DOMAIN value: {{ .Values.owncloud.domain | quote }} - name: OWNCLOUD_TRUSTED_DOMAINS - value: {{ .Values.owncloud.trustedDomains | quote }} + value: {{ include "owncloud.trustedDomains" . }} - name: OWNCLOUD_ENABLED_PREVIEW_PROVIDERS value: {{ .Values.owncloud.enabledPreviewProviders | quote }} - name: OWNCLOUD_ENABLE_AVATARS diff --git a/charts/owncloud/values.yaml b/charts/owncloud/values.yaml index cb999ed..03f7d66 100644 --- a/charts/owncloud/values.yaml 
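Review bot: `concat $domains .` in the new `owncloud.trustedDomains` helper only works when `.Values.owncloud.trustedDomains` is a list, so a release that still supplies the string form introduced in patch 01/10 would presumably fail at render time rather than be accepted. The joined result is also not de-duplicated, so a base domain listed in both `owncloud.domain` and `owncloud.trustedDomains` appears twice in `OWNCLOUD_TRUSTED_DOMAINS`. Accepting both shapes and piping through `uniq` keeps existing values files working, and the helper comment could then say that the output is a comma-joined string with `owncloud.domain` first. Patch 10/10 re-applies this hunk unchanged, so the same applies there.

```gotemplate
{{- /* … unchanged: $domains seeded from .Values.owncloud.domain … */ -}}
{{- with .Values.owncloud.trustedDomains -}}
{{- if kindIs "string" . -}}
{{- $domains = concat $domains (splitList "," .) -}}
{{- else -}}
{{- $domains = concat $domains . -}}
{{- end -}}
{{- end -}}
{{- $domains | uniq | join "," }}
```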
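Review bot: The replacement line `value: {{ include "owncloud.trustedDomains" . }}` in deployment.yaml drops the `| quote` that every neighbouring env entry in this hunk keeps, so the helper output reaches the YAML parser as a plain scalar. An empty result renders as `value:` (null), and a result that begins with `*` or `[`, or consists only of digits, is parsed as an alias, a flow sequence or an integer instead of the string the env `value` field expects. I would keep the filter: `value: {{ include "owncloud.trustedDomains" . | quote }}`. The same line returns in patch 10/10; the env list itself starts and ends outside the hunk.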
+++ b/charts/owncloud/values.yaml @@ -98,8 +98,9 @@ owncloud: defaultLanguage: "en" # -- Base domain used in `{{ .Values.owncloud.overwriteCliUrl }}` by default. domain: "owncloud.chart.example" - # -- List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). - trustedDomains: "localhost" + # -- List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). The value from `{{ .Values.owncloud.overwriteCliUrl }}` is added to the list automatically. + trustedDomains: + - "localhost" # -- Define preview providers (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-preview-providers)). enabledPreviewProviders: "" # -- Enable or disable avatars or user profile photos (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-avatars-or-user-profile-photos)). From fc80bf31835ede6b9e0bbaaf9ef92d0058ac5ec2 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Tue, 25 Oct 2022 11:01:19 +0200 Subject: [PATCH 04/10] Revert "add helper template to construct trustedDomains list" This reverts commit ef658af95214aab71dbf79569ab435ffecc7f18a. --- charts/owncloud/README.md | 2 +- charts/owncloud/templates/_helpers.tpl | 14 -------------- charts/owncloud/templates/deployment.yaml | 2 +- charts/owncloud/values.yaml | 5 ++--- 4 files changed, 4 insertions(+), 19 deletions(-) diff --git a/charts/owncloud/README.md b/charts/owncloud/README.md index 28298f6..2c51905 100644 --- a/charts/owncloud/README.md +++ b/charts/owncloud/README.md 
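Review bot: The sentence added to the `trustedDomains` comment says the value from `{{ .Values.owncloud.overwriteCliUrl }}` is appended automatically, but the helper introduced in this same patch appends `.Values.owncloud.domain`. Operators deciding which hosts they still have to list will look at the wrong key. I would word it as `The value of owncloud.domain is added to the list automatically.`, here and in the matching README row. Because the key also changes from a string to a list in this hunk, the comment could add that entries are given as a YAML list and that `owncloud.domain` need not be repeated in it.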
@@ -240,7 +240,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | owncloud.tokenAuthEnforced | string | `""` | Enforce token only authentication for apps and clients connecting to ownCloud (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enforce-token-only-authentication-for-apps-and-clients-connecting-to-owncloud)). | | owncloud.trashbin.purgeLimit | string | `""` | Define the trashbin purge limit (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-trashbin-purge-limit)). | | owncloud.trashbin.retentionObligation | string | `""` | Define the trashbin retention obligation (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-trashbin-retention-obligation)). | -| owncloud.trustedDomains | list | `["localhost"]` | List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). The value from `{{ .Values.owncloud.overwriteCliUrl }}` is added to the list automatically. | +| owncloud.trustedDomains | string | `"localhost"` | List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). | | owncloud.trustedProxies | string | `""` | Define list of trusted proxy servers (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-proxy-servers)). 
| | owncloud.updateChecker | string | `""` | Enable or disable updatechecker (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-updatechecker)). | | owncloud.updaterServerUrl | string | `""` | Define the updatechecker URL (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-updatechecker-url)). | diff --git a/charts/owncloud/templates/_helpers.tpl b/charts/owncloud/templates/_helpers.tpl index d71e424..7249ef2 100644 --- a/charts/owncloud/templates/_helpers.tpl +++ b/charts/owncloud/templates/_helpers.tpl @@ -30,20 +30,6 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} -{{/* -ownCloud trusted domains list. -*/}} -{{- define "owncloud.trustedDomains" -}} -{{- $domains := list -}} -{{- with .Values.owncloud.domain -}} -{{- $domains = append $domains . -}} -{{- end -}} -{{- with .Values.owncloud.trustedDomains -}} -{{- $domains = concat $domains . -}} -{{- end -}} -{{- $domains | join "," }} -{{- end }} - {{/* Common labels */}} diff --git a/charts/owncloud/templates/deployment.yaml b/charts/owncloud/templates/deployment.yaml index c2098ab..059537c 100644 --- a/charts/owncloud/templates/deployment.yaml +++ b/charts/owncloud/templates/deployment.yaml @@ -123,7 +123,7 @@ spec: - name: OWNCLOUD_DOMAIN value: {{ .Values.owncloud.domain | quote }} - name: OWNCLOUD_TRUSTED_DOMAINS - value: {{ include "owncloud.trustedDomains" . }} + value: {{ .Values.owncloud.trustedDomains | quote }} - name: OWNCLOUD_ENABLED_PREVIEW_PROVIDERS value: {{ .Values.owncloud.enabledPreviewProviders | quote }} - name: OWNCLOUD_ENABLE_AVATARS diff --git a/charts/owncloud/values.yaml b/charts/owncloud/values.yaml index 03f7d66..cb999ed 100644 --- a/charts/owncloud/values.yaml 
+++ b/charts/owncloud/values.yaml @@ -98,9 +98,8 @@ owncloud: defaultLanguage: "en" # -- Base domain used in `{{ .Values.owncloud.overwriteCliUrl }}` by default. domain: "owncloud.chart.example" - # -- List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). The value from `{{ .Values.owncloud.overwriteCliUrl }}` is added to the list automatically. - trustedDomains: - - "localhost" + # -- List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). + trustedDomains: "localhost" # -- Define preview providers (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-preview-providers)). enabledPreviewProviders: "" # -- Enable or disable avatars or user profile photos (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-avatars-or-user-profile-photos)). From 44a43cc15e3c15f2c2d5c1c5e67fc7dbc72eaef7 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Tue, 25 Oct 2022 11:02:28 +0200 Subject: [PATCH 05/10] revert trusted domain construction --- charts/owncloud/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/owncloud/values.yaml b/charts/owncloud/values.yaml index cb999ed..4479b12 100644 --- a/charts/owncloud/values.yaml +++ b/charts/owncloud/values.yaml 
@@ -99,7 +99,7 @@ owncloud: # -- Base domain used in `{{ .Values.owncloud.overwriteCliUrl }}` by default. domain: "owncloud.chart.example" # -- List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). - trustedDomains: "localhost" + trustedDomains: "localhost,owncloud.chart.example" # -- Define preview providers (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-preview-providers)). enabledPreviewProviders: "" # -- Enable or disable avatars or user profile photos (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-avatars-or-user-profile-photos)). From 4ffcb97eb73fe5d8782e180f177a3224e9c88ff1 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Tue, 25 Oct 2022 11:03:09 +0200 Subject: [PATCH 06/10] fix docs --- charts/owncloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/owncloud/README.md b/charts/owncloud/README.md index 2c51905..dc0cbe6 100644 --- a/charts/owncloud/README.md +++ b/charts/owncloud/README.md 
@@ -240,7 +240,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | owncloud.tokenAuthEnforced | string | `""` | Enforce token only authentication for apps and clients connecting to ownCloud (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enforce-token-only-authentication-for-apps-and-clients-connecting-to-owncloud)). | | owncloud.trashbin.purgeLimit | string | `""` | Define the trashbin purge limit (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-trashbin-purge-limit)). | | owncloud.trashbin.retentionObligation | string | `""` | Define the trashbin retention obligation (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-trashbin-retention-obligation)). | -| owncloud.trustedDomains | string | `"localhost"` | List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). | +| owncloud.trustedDomains | string | `"localhost,owncloud.chart.example"` | List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). | | owncloud.trustedProxies | string | `""` | Define list of trusted proxy servers (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-proxy-servers)). 
| | owncloud.updateChecker | string | `""` | Enable or disable updatechecker (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-updatechecker)). | | owncloud.updaterServerUrl | string | `""` | Define the updatechecker URL (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-updatechecker-url)). | From 90651509cbb7a402e441ef0005048faf1e76aa9c Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Tue, 25 Oct 2022 11:05:37 +0200 Subject: [PATCH 07/10] trigger ci From dae72908f9cddd7adceac4be81e62c78ac50242b Mon Sep 17 00:00:00 2001 From: Dennis Sieben Date: Tue, 25 Oct 2022 11:20:49 +0200 Subject: [PATCH 08/10] Revert "fix docs" This reverts commit 4ffcb97eb73fe5d8782e180f177a3224e9c88ff1. --- charts/owncloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/owncloud/README.md b/charts/owncloud/README.md index dc0cbe6..2c51905 100644 --- a/charts/owncloud/README.md +++ b/charts/owncloud/README.md 
@@ -240,7 +240,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | owncloud.tokenAuthEnforced | string | `""` | Enforce token only authentication for apps and clients connecting to ownCloud (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enforce-token-only-authentication-for-apps-and-clients-connecting-to-owncloud)). | | owncloud.trashbin.purgeLimit | string | `""` | Define the trashbin purge limit (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-trashbin-purge-limit)). | | owncloud.trashbin.retentionObligation | string | `""` | Define the trashbin retention obligation (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-trashbin-retention-obligation)). | -| owncloud.trustedDomains | string | `"localhost,owncloud.chart.example"` | List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). | +| owncloud.trustedDomains | string | `"localhost"` | List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). | | owncloud.trustedProxies | string | `""` | Define list of trusted proxy servers (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-proxy-servers)). 
| | owncloud.updateChecker | string | `""` | Enable or disable updatechecker (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-updatechecker)). | | owncloud.updaterServerUrl | string | `""` | Define the updatechecker URL (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-updatechecker-url)). | From 0862a37a6d01de180fb91f91db55180ac3535ad6 Mon Sep 17 00:00:00 2001 From: Dennis Sieben Date: Tue, 25 Oct 2022 11:20:53 +0200 Subject: [PATCH 09/10] Revert "revert trusted domain construction" This reverts commit 44a43cc15e3c15f2c2d5c1c5e67fc7dbc72eaef7. --- charts/owncloud/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/owncloud/values.yaml b/charts/owncloud/values.yaml index 4479b12..cb999ed 100644 --- a/charts/owncloud/values.yaml +++ b/charts/owncloud/values.yaml @@ -99,7 +99,7 @@ owncloud: # -- Base domain used in `{{ .Values.owncloud.overwriteCliUrl }}` by default. domain: "owncloud.chart.example" # -- List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). - trustedDomains: "localhost,owncloud.chart.example" + trustedDomains: "localhost" # -- Define preview providers (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-preview-providers)). enabledPreviewProviders: "" # -- Enable or disable avatars or user profile photos (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-avatars-or-user-profile-photos)). From cf01c3d7489779ec1ce2b7295b69d96bf5e3824a Mon Sep 17 00:00:00 2001 
From: Dennis Sieben
Date: Tue, 25 Oct 2022 11:20:56 +0200
Subject: [PATCH 10/10] Revert "Revert "add helper template to construct trustedDomains list""
This reverts commit fc80bf31835ede6b9e0bbaaf9ef92d0058ac5ec2.
---
 charts/owncloud/README.md | 2 +-
 charts/owncloud/templates/_helpers.tpl | 14 ++++++++++++++
 charts/owncloud/templates/deployment.yaml | 2 +-
 charts/owncloud/values.yaml | 5 +++--
 4 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/charts/owncloud/README.md b/charts/owncloud/README.md
index 2c51905..28298f6 100644
--- a/charts/owncloud/README.md
+++ b/charts/owncloud/README.md
@@ -240,7 +240,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | owncloud.tokenAuthEnforced | string | `""` | Enforce token only authentication for apps and clients connecting to ownCloud (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enforce-token-only-authentication-for-apps-and-clients-connecting-to-owncloud)). | | owncloud.trashbin.purgeLimit | string | `""` | Define the trashbin purge limit (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-trashbin-purge-limit)). | | owncloud.trashbin.retentionObligation | string | `""` | Define the trashbin retention obligation (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-trashbin-retention-obligation)). | -| owncloud.trustedDomains | string | `"localhost"` | List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). | +| owncloud.trustedDomains | list | `["localhost"]` | List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). The value from `{{ .Values.owncloud.overwriteCliUrl }}` is added to the list automatically. | | owncloud.trustedProxies | string | `""` | Define list of trusted proxy servers (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-proxy-servers)). 
| | owncloud.updateChecker | string | `""` | Enable or disable updatechecker (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-updatechecker)). | | owncloud.updaterServerUrl | string | `""` | Define the updatechecker URL (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-updatechecker-url)). | diff --git a/charts/owncloud/templates/_helpers.tpl b/charts/owncloud/templates/_helpers.tpl index 7249ef2..d71e424 100644 --- a/charts/owncloud/templates/_helpers.tpl +++ b/charts/owncloud/templates/_helpers.tpl @@ -30,6 +30,20 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} +{{/* +ownCloud trusted domains list. +*/}} +{{- define "owncloud.trustedDomains" -}} +{{- $domains := list -}} +{{- with .Values.owncloud.domain -}} +{{- $domains = append $domains . -}} +{{- end -}} +{{- with .Values.owncloud.trustedDomains -}} +{{- $domains = concat $domains . -}} +{{- end -}} +{{- $domains | join "," }} +{{- end }} + {{/* Common labels */}} diff --git a/charts/owncloud/templates/deployment.yaml b/charts/owncloud/templates/deployment.yaml index 059537c..c2098ab 100644 --- a/charts/owncloud/templates/deployment.yaml +++ b/charts/owncloud/templates/deployment.yaml @@ -123,7 +123,7 @@ spec: - name: OWNCLOUD_DOMAIN value: {{ .Values.owncloud.domain | quote }} - name: OWNCLOUD_TRUSTED_DOMAINS - value: {{ .Values.owncloud.trustedDomains | quote }} + value: {{ include "owncloud.trustedDomains" . }} - name: OWNCLOUD_ENABLED_PREVIEW_PROVIDERS value: {{ .Values.owncloud.enabledPreviewProviders | quote }} - name: OWNCLOUD_ENABLE_AVATARS diff --git a/charts/owncloud/values.yaml b/charts/owncloud/values.yaml index cb999ed..03f7d66 100644 --- a/charts/owncloud/values.yaml 
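Review bot: `concat $domains .` in the new `owncloud.trustedDomains` helper assumes `.Values.owncloud.trustedDomains` is already a list, while this same patch changes that value from a comma-separated string to a list. An existing override that still passes the old string form will, as far as I can tell, make Sprig's `concat` abort rendering with a type error that does not name the offending value. A guard inside the `with` block would make that failure explicit: `{{- if not (kindIs "slice" .) }}{{- fail "owncloud.trustedDomains must be a list" }}{{- end }}`. Separately, if `owncloud.domain` is also listed in `trustedDomains` it is emitted twice; `{{- $domains | uniq | join "," }}` would keep the allowlist free of duplicates.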
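Review bot: The new `OWNCLOUD_TRUSTED_DOMAINS` line drops the `| quote` that the old line had, so the joined list is written into the manifest as an unquoted YAML scalar. If both `owncloud.domain` and `trustedDomains` are empty, it renders as a bare `value:` (null). An entry that starts with a YAML indicator, or contains `: ` or ` #`, would change how the manifest parses instead of being passed through as a string. Because this variable is the Host-header allowlist, it should reach the container exactly as configured: `value: {{ include "owncloud.trustedDomains" . | quote }}`. The env list this line belongs to starts and ends outside the hunk.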
+++ b/charts/owncloud/values.yaml @@ -98,8 +98,9 @@ owncloud: defaultLanguage: "en" # -- Base domain used in `{{ .Values.owncloud.overwriteCliUrl }}` by default. domain: "owncloud.chart.example" - # -- List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). - trustedDomains: "localhost" + # -- List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). The value from `{{ .Values.owncloud.overwriteCliUrl }}` is added to the list automatically. + trustedDomains: + - "localhost" # -- Define preview providers (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-preview-providers)). enabledPreviewProviders: "" # -- Enable or disable avatars or user profile photos (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-avatars-or-user-profile-photos)).
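Review bot: The new comment above `trustedDomains` says the value from `{{ .Values.owncloud.overwriteCliUrl }}` is added to the list automatically, but the `owncloud.trustedDomains` helper added in this patch appends `.Values.owncloud.domain`. From the visible code, a host set only through `overwriteCliUrl` would not end up in the trusted list, so an operator relying on the comment could be left with an allowlist that does not match the documentation. I would end the comment with `The value of owncloud.domain is added to the list automatically.`; the README hunk of this patch carries the same sentence. The comment could also say that the value is now a YAML list rather than a comma-separated string, since existing overrides have to be converted.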