Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable CORS on useful endpoints #10415

Closed
LukasReschke opened this issue Aug 14, 2014 · 8 comments
Closed

Enable CORS on useful endpoints #10415

LukasReschke opened this issue Aug 14, 2014 · 8 comments

Comments

@LukasReschke
Copy link
Member

@LukasReschke LukasReschke commented Aug 14, 2014

Regarding benweet/stackedit#122 (comment) we should create a list of APIs where we should enable CORS to allow third-party devs integrate with ownCloud. Feel free to add more:

  • OCS Share API (no private data)
  • WebDAV
  • CalDAV
  • CardDAV
@LukasReschke
Copy link
Member Author

@LukasReschke LukasReschke commented Aug 14, 2014

@PVince81
Copy link
Member

@PVince81 PVince81 commented Aug 14, 2014

Include OCS Share API
Exclude OCS Privatedata API until we have OAuth2 with more granular API permissions: an app should only be allowed to read/write its own data, not access other apps data

@jancborchardt
Copy link
Member

@jancborchardt jancborchardt commented Aug 14, 2014

I added CalDAV and CardDAV (although they are not part of core).

cc @skddc @michielbdejong for remoteStorage.

@PVince81
Copy link
Member

@PVince81 PVince81 commented Nov 27, 2014

Ideally oauth2 should be implemented first: #10400

@michielbdejong
Copy link
Contributor

@michielbdejong michielbdejong commented Feb 28, 2015

So IIUC, the code for CORS was added to the middleware last May, but it was never actually activated on the OCS Share API?

That's what I understand from the discussion above, and also, I did a simple test against the API of the demo instance:

curl -I https://test:test@demo.owncloud.org/ocs/v1.php/apps/files_sharing/api/v1/shares

and got back no CORS headers.

(side note: there were actually some cookie headers on there which should be removed if/when switching to CORS)

@DeepDiver1975
Copy link
Member

@DeepDiver1975 DeepDiver1975 commented Mar 2, 2015

So IIUC, the code for CORS was added to the middleware last May, but it was never actually activated on the OCS Share API?

ocs share api is not using app framework controllers - we cannot apply the cors middleware - yet

@DeepDiver1975 DeepDiver1975 modified the milestone: backlog Mar 21, 2015
@PVince81
Copy link
Member

@PVince81 PVince81 commented Sep 7, 2017

CORS was implemented with domain whitelisting here: #28457

@PVince81 PVince81 closed this Sep 7, 2017
@lock
Copy link

@lock lock bot commented Aug 2, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Aug 2, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants
You can’t perform that action at this time.