Open WeberSamuel opened 1 year ago
In case we want to expose we should probably think about switching to an OCS-API directly which can be used on both web and clients.
The current manual, however, recommends implementing a REST API, as OCS is only for compatibility reasons: https://docs.nextcloud.com/server/latest/developer_manual/basics/controllers.html
In my case, exposing the API was as simple as changing the inherited class from Controller to APIController and adding the @CORS and @NoCSRFRequired attributes to the functions.
Of course, it would be great if the API could be exposed officially.
CORS is not implemented properly unfortunately, so the common way to implement routes that can be reused by web and external clients would be OCS. This is the approach that works and is also used across Nextcloud apps.
Upstream issue for reference on the CORS problems: https://github.com/nextcloud/server/issues/37319
I started some preparation for this in #988 by isolating the API related code on the client side.
Enable the easy external use of the collectives routes by turning them into a documented OCS API.
Use cases
Alternatives
Maybe one could give me a hint on how to get around the default CSRF check?