Cloud File Storage for App

NickV · July 23, 2019, 1:30pm

Hi,

I am trying (and failing) to connect to my OwnCloud from the Angular application I am developing. I have tried whitelisting my deployment domain(s), and I have given my app an individual token to use in authentication, but I’m not getting past CORS.

Authtest(){
const output = new HttpHeaders();
output.append(‘Accept’, ‘application/myApp’);
output.append(‘Authorization’, 'Bearer myUserName:myAppToken);
const Options = {headers: output};
this.client.request(‘PROPFIND’, ‘http://MyWebDavPath/’, Options).subscribe(res => {
console.log(res);
});
}

Can anyone tell me what I’m doing wrong, or if I’m even close to the right track?

alfredb · July 23, 2019, 8:39pm

I think you have to add an Origin header, if you want so access with a self written app. Had a similar problem some time ago. Maybe the same applies here.

NickV · July 24, 2019, 3:24am

thanks, but this didn’t do it. I attempted with all whitelisted domain names, and with the server IP the app is deployed on (after whitelisting that, too), to no avail

EDIT: Found a solution to the CORS-Problem, but I still can’t authenticate. I used Basic ${btoa(myUsername:myPassword)} as in the http headers documentation. Is this server using a different authentication method, or is there something I’m still missing?

For the CORS-Problem, I had to append /config/config-php with " ‘cors.allowed-domains’ => [http***myDomain.mdex] ", the entry’s in the GUI don’t do jack

I think you have to add an Origin header, if you want so access with a self written app. Had a similar problem some time ago. Maybe the same applies here.

Notes-API: Cross-Origin Request Blocked Server-Apps

I repeated the tests. Server: localhost Client: localhost, Firefox with unmodified webextension from AMO It fails with the unmodified code, with the well-known message (console). Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http***localhost/owncloud/index.php/apps/notes/api/v0.2/notes?exclude=content. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). But if you add the value of the origin value, in my case moz-extension***24e15b4…

alfredb · July 24, 2019, 5:48am

Maybe you should consider to post more details.

NickV · July 24, 2019, 5:55am

sorry about the lack of details, I’m still rather new to JavaScript and php, and I’m not even entirely sure what is relevant in this context, and how exactly to talk about it. Maybe you’ve seen my Edit of my response to your answer, I did a bit more explaining and hope you can make more sense of it

alfredb · July 24, 2019, 7:06am

Well, they do, at least they did the last time I was using is. But the input must be a valid URL.

Could be interesting for others as well.

NickV · July 24, 2019, 8:00am

yes, the UI only accepts valid and specific domain adresses. But when I found and downloaded the config.php, I found that there was no entry ‘cors.allowed-domains’, which I then created myself. After uploading my adjusted config.php, I didn’t get the CORS-reject Error response anymore.

Config.php can be reached via ftp on the server you are running your openCloud application on, in the case of my server (xenonserver.de)

/apps/<username>/config/config.php

open with editor, looks like this:

<?php
$CONFIG = array (
  'instanceid' => 'aninstanceid',
  'passwordsalt' => 'apassword',
  'secret' => 'asecret',
  !!!'cors.allowed-domains' => [
'http://localhost:8080',
'http://www.domain1.com',
'http://www.domain2.com',
   *
   *
   *
'http://www.domains.com'
  ],!!!
  'trusted_domains' => 
  array (
    0 => 'trustedDomain.com',
  ),
  'datadirectory' => '/var/www/datadirectory/path',
  'overwrite.cli.url' => 'http://thedomainyoureusing.com',
  'dbtype' => 'sqlite3',
  'version' => '10.2.0.5',
  'logtimezone' => 'UTC',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/ownCloud/path',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/externalapps/path',
      'url' => '/apps-external',
      'writable' => true,
    ),
  ),
  'installed' => true,
);

I edited some stuff so my data can’t be glanced. the section that is enclosed by !!! is what needs to be edited in with the appropriate data, and then uploaded to it’s source location (ftp is easiest imho, also assuming you’re an admin)

THIS IS ONLY A PARTIAL SOLUTION TO MY PROBLEM: I AM STILL DENIED ACCESS (401 - UNAUTHORIZED)

I’ve been combing the documentation, and I can’t find any information on how to handle my authorization header. I’ve also been scouring the git pages for the android client to see how it was handled there, but I can’t really make any sense of it, or at least find out what I’m doing wrong. If I can’t get this up and running, I am screwed

alfredb · July 25, 2019, 6:11am

Something like this?

headers = {
      Authorization: 'Basic ' + btoa(`${res.username}:${res.password}`),
      'Content-Type': 'application/json'
};

NickV · July 25, 2019, 11:19am

Idk what changed, but now it’s accepting my request. Thanks!

alfredb · July 25, 2019, 2:15pm

Glad to hear that it works.

Now you should care about your CORS-issue. Adding “everything” to
cors.allowed-domains cannot be a real solution.

NickV · July 25, 2019, 3:04pm

'http://localhost:8080',
'http://www.domain1.com',
'http://www.domain2.com',
   *
   *
   *
'http://www.domains.com'

that’s just a list of example domains. I only allow my deployment site(s) access. I guess if someone spoofed my domain that wouldn’t be so good, but as far as I checked, the origins header is ignored on my server

alfredb · July 25, 2019, 3:23pm

OK, I see. This is another strategy.

bluemagma612 · April 27, 2020, 3:17am

@NickV I can’t thank you enough for posting the solution. I honestly was about to give up on ownCloud. They should pay you.