Enable CORS on useful endpoints #10415

Closed
LukasReschke opened this Issue Aug 14, 2014 · 7 comments

Comments

Projects
None yet
5 participants
@LukasReschke
Member

LukasReschke commented Aug 14, 2014

Regarding benweet/stackedit#122 (comment) we should create a list of APIs where we should enable CORS to allow third-party devs integrate with ownCloud. Feel free to add more:

  • OCS Share API (no private data)
  • WebDAV
  • CalDAV
  • CardDAV

@LukasReschke LukasReschke referenced this issue in benweet/stackedit Aug 14, 2014

Open

Provide owncloud backend ? #122

@LukasReschke

This comment has been minimized.

Show comment
Hide comment
@PVince81

This comment has been minimized.

Show comment
Hide comment
@PVince81

PVince81 Aug 14, 2014

Member

Include OCS Share API
Exclude OCS Privatedata API until we have OAuth2 with more granular API permissions: an app should only be allowed to read/write its own data, not access other apps data

Member

PVince81 commented Aug 14, 2014

Include OCS Share API
Exclude OCS Privatedata API until we have OAuth2 with more granular API permissions: an app should only be allowed to read/write its own data, not access other apps data

@jancborchardt

This comment has been minimized.

Show comment
Hide comment
@jancborchardt

jancborchardt Aug 14, 2014

Member

I added CalDAV and CardDAV (although they are not part of core).

cc @skddc @michielbdejong for remoteStorage.

Member

jancborchardt commented Aug 14, 2014

I added CalDAV and CardDAV (although they are not part of core).

cc @skddc @michielbdejong for remoteStorage.

@PVince81

This comment has been minimized.

Show comment
Hide comment
@PVince81

PVince81 Nov 27, 2014

Member

Ideally oauth2 should be implemented first: #10400

Member

PVince81 commented Nov 27, 2014

Ideally oauth2 should be implemented first: #10400

@michielbdejong

This comment has been minimized.

Show comment
Hide comment
@michielbdejong

michielbdejong Feb 28, 2015

Contributor

So IIUC, the code for CORS was added to the middleware last May, but it was never actually activated on the OCS Share API?

That's what I understand from the discussion above, and also, I did a simple test against the API of the demo instance:

curl -I https://test:test@demo.owncloud.org/ocs/v1.php/apps/files_sharing/api/v1/shares

and got back no CORS headers.

(side note: there were actually some cookie headers on there which should be removed if/when switching to CORS)

Contributor

michielbdejong commented Feb 28, 2015

So IIUC, the code for CORS was added to the middleware last May, but it was never actually activated on the OCS Share API?

That's what I understand from the discussion above, and also, I did a simple test against the API of the demo instance:

curl -I https://test:test@demo.owncloud.org/ocs/v1.php/apps/files_sharing/api/v1/shares

and got back no CORS headers.

(side note: there were actually some cookie headers on there which should be removed if/when switching to CORS)

@DeepDiver1975

This comment has been minimized.

Show comment
Hide comment
@DeepDiver1975

DeepDiver1975 Mar 2, 2015

Member

So IIUC, the code for CORS was added to the middleware last May, but it was never actually activated on the OCS Share API?

ocs share api is not using app framework controllers - we cannot apply the cors middleware - yet

Member

DeepDiver1975 commented Mar 2, 2015

So IIUC, the code for CORS was added to the middleware last May, but it was never actually activated on the OCS Share API?

ocs share api is not using app framework controllers - we cannot apply the cors middleware - yet

@DeepDiver1975 DeepDiver1975 modified the milestone: backlog Mar 21, 2015

@PVince81

This comment has been minimized.

Show comment
Hide comment
@PVince81

PVince81 Sep 7, 2017

Member

CORS was implemented with domain whitelisting here: #28457

Member

PVince81 commented Sep 7, 2017

CORS was implemented with domain whitelisting here: #28457

@PVince81 PVince81 closed this Sep 7, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment