angelo-v
commented
2 years ago Closed angelo-v closed 2 years ago
angelo-v
commented
2 years ago angelo-v
commented
2 years ago Since the options page does not send an origin header, the options page can do a request to add the required triple to the user profile.
Unfortunately, this is no longer true. The options page does indeed send an origin header and is therefore not allowed to add the required tripes.
As of today this is only needed for NSS
I do not think it is worth to put more effort on workarrounds for NSS, since solidcommunity.net and probably other providers will be moving from NSS to CSS in the long term and app authorization will work differently in the future. For now, we need to guide NSS users to add the correct extension URL as trusted app manually.
angelo-v
commented
2 years ago Fixed in https://github.com/codecentric/web-clip/issues/29 by opening to a special page on the user pod, that has the permission to add the trusted app statements
Currently the user needs to add the correct extension URL as a trusted app manually to allow access to NSS Pods. This is a manual step described on the options page.
We can simplify this, by doing it automatically (e.g. by just clicking a "Trust WebClip" button on the options page)
Since the options page does not send an origin header, the options page can do a request to add the required triple to the user profile.
As of today this is only needed for NSS, since CSS does not make use of the "trusted app" authorization and ESS does not work yet at all (see #21)