-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Access through untrusted domain" #7732
Comments
@nickvergessen @blizzz @rullzer @ChristophWurst Do you have an idea for an API? |
Cannot say or promise for sure. 400 is pretty broad. Would it already suffice to provide a different message to this code? "400 Untrusted Domain"? |
if we go for an API it'll be a bit more invasive since the domain is tested early in base.php |
If possible I do not want to check for the message. But maybe an arbitrary status code is possible? Edit: Maybe it will even work to pass the message directly to the user. I'll have to check. |
Well we check early in base php and normally we return a page. We could of cource check for the Of course this only works if you properly check status.php first? |
Currently when accessing /status.php we get the complete html website back. If 400 is only used there, I can simply add a "translation" for 400. |
Or just return a proper status.php XML/JSON with the correct error message: 😉 (using HTTP codes for this is not really good) |
Well, this can still be accessible via web browser (of course if misconfigured), so a proper NC error web page is still nice for regular web browser user. |
But not on the |
Indeed 👍 |
* fixes #7732 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Fix is in #7991 |
* fixes #7732 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
When having not properly setup "trusted_domains" we get on nextcloud android app only "unknown error occured".
We are calling "server/status.php" and get 400 back.
Is 400 only returned in this case, so it is safe to check for this? Or is there a more decent way to get this?
Ratio: from time to time home users approach to us and have it misconfigured. So I want to improve this a bit
The text was updated successfully, but these errors were encountered: