linagora / linshare-core

Open Source secure files sharing
http://www.linshare.org
GNU Affero General Public License v3.0

anonymous download URL pattern is not specialized #11

Open alxgomz opened 7 years ago

alxgomz commented 7 years ago

In linshare v2, anonymous download URL patterns are as follows:

/#/external/anonymous/SOME-RANDOM-UUID

As # is basically just an anchor, the URL requested to the server is simply / (as anchors never go on the wire). This makes it impossible, for instance, to apply a specific policy based on URL pattern. As a concrete example, it is not possible to use an SSO system that would take care of linshare user UI (served at the root of the site) authentication but still allow anonymous users to download files shared via Linshare (as from the server perspective, the URL is identical).

fmartin-linagora commented 7 years ago

Hi, this is the main drawback of using JavaScript and SPA (Single page application). :) For the record, every "page" (anonymous or not) will also access the /linshare API (the core). It will also be required to unprotect some /linshare/xxx URLs even if there will be a specific page for anonymous.

As a workaround, you can deploy a second unprotected instance/vhost of linshare ui user for anonymous (and guests) access. In the short term, we planned to study and develop a new portal which will merge upload request, upload proposition and anonymous url in one.
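
Added example, not part of the thread or of LinShare's code: a small JavaScript model of what a gateway sees on the wire for the hash-routed link from the issue, compared with a hypothetical path-routed link and with the second-vhost workaround. Host names, the UUID and the policy rules are constructed for illustration.

```javascript
// Added example: what a reverse proxy or SSO gateway can see of a URL.
// Host names, the UUID and the policy rules are constructed, not LinShare's.

// Return the parts of a URL that are actually sent in the HTTP request.
// The fragment (everything after '#') stays in the browser.
function onTheWire(urlString) {
  const u = new URL(urlString);
  return { host: u.host, target: u.pathname + u.search, clientOnly: u.hash };
}

// First matching rule wins; a rule matches on host and path prefix.
function decide(rules, urlString) {
  const { host, target } = onTheWire(urlString);
  const path = target.split('?')[0];
  for (const r of rules) {
    if (r.host === host && path.startsWith(r.prefix)) return r.action;
  }
  return 'deny';
}

const UUID = '00000000-0000-4000-8000-000000000000'; // constructed
const MAIN = 'https://share.example.test';
const ANON = 'https://anon.share.example.test';

// Single vhost: the gateway tries to exempt anonymous downloads by path.
const singleVhost = [
  { host: 'share.example.test', prefix: '/external/anonymous/', action: 'public' },
  { host: 'share.example.test', prefix: '/', action: 'sso' },
];

// Workaround from the thread: a second, unprotected vhost for anonymous access.
const twoVhosts = [
  { host: 'anon.share.example.test', prefix: '/', action: 'public' },
  { host: 'share.example.test', prefix: '/', action: 'sso' },
];

function report() {
  const hashLink = `${MAIN}/#/external/anonymous/${UUID}`;
  return {
    wire: onTheWire(hashLink).target,          // request target the server receives
    hashRouted: decide(singleVhost, hashLink), // exemption rule can never match
    // Hypothetical path-routed form of the same link (not what v2 generates).
    pathRouted: decide(singleVhost, `${MAIN}/external/anonymous/${UUID}`),
    secondVhost: decide(twoVhosts, `${ANON}/#/external/anonymous/${UUID}`),
  };
}

console.log(report());
```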