"Access through untrusted domain" #7732
Comments
|
@nickvergessen @blizzz @rullzer @ChristophWurst Do you have an idea for an API? |
Cannot say or promise for sure. 400 is pretty broad. Would it already suffice to provide a different message to this code? "400 Untrusted Domain"? |
|
if we go for an API it'll be a bit more invasive since the domain is tested early in base.php |
|
If possible I do not want to check for the message. But maybe an arbitrary status code is possible? Edit: Maybe it will even work to pass the message directly to the user. I'll have to check. |
|
Well we check early in base php and normally we return a page. We could of cource check for the Of course this only works if you properly check status.php first? |
Currently when accessing /status.php we get the complete html website back. If 400 is only used there, I can simply add a "translation" for 400. |
|
Or just return a proper status.php XML/JSON with the correct error message: 😉 (using HTTP codes for this is not really good) |
|
Well, this can still be accessible via web browser (of course if misconfigured), so a proper NC error web page is still nice for regular web browser user. |
But not on the |
|
Indeed 👍 |
* fixes #7732 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
Fix is in #7991 |
* fixes #7732 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
When having not properly setup "trusted_domains" we get on nextcloud android app only "unknown error occured".
We are calling "server/status.php" and get 400 back.
Is 400 only returned in this case, so it is safe to check for this? Or is there a more decent way to get this?
Ratio: from time to time home users approach to us and have it misconfigured. So I want to improve this a bit
The text was updated successfully, but these errors were encountered: