Closed Zocker1999NET closed 3 years ago
Hi, does this happen for users that aren't admins, too?
@szaimen I cannot finally approve this as I am/was admin on all instances I use(d) but I saw those only while browsing through apps on the endpoint /settings/apps. So I expect only admins should experience this.
This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.
Sorry, forgot to trigger the nextcloud-stale bot. I find this issue still relevant. If the "needs info" tag is still valid, could you rephrase what info might be still required?
I personally don't think that it is of a high priority and needs to be fixed because only admin accounts are affected as it seems. But let's see what others are saying: cc @nextcloud/server-triage is this feature request feasible?
This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.
Is your feature request related to a problem? Please describe.
I discovered that when I'm using my own Nextcloud instance and browsing through apps that my browser connects to a third-party domain usercontent.apps.nextcloud.com. As this is the official store for Nextcloud apps, I do not expect this site to be malicious and it is okay that my Nextcloud instance connects itself to this server to install new apps for example. But I do not expect that my browser must connect to this server.
I do not assume that connection logs of this server will be used for malicious purposes like tracking, but in theory it could be and so I think it is reasonable to enable each instance to proxy those pictures so the official Nextcloud servers cannot learn something about users/admins of hosted Nextcloud instances and can only gather information about the instances themselves.
This also can slightly improve the performance of the usercontent provider as less requests are to be expected, even if I do not think that this is required.
Describe the solution you'd like
Create an endpoint like domain.tld/nextcloud/settings/apps/screenshots/<base64>, which will respond with the (probably cached and) expected screenshot and send these links to the user's web browser, so the user is only required to connect to its own chosen Nextcloud instance and never required to connect to the official Nextcloud servers themselves.
Describe alternatives you've considered
It might be an alternative to keep the current state, but then it should be optional for users to see these images by default and enable them only after consent. Users should not be expected to use addons like uMatrix so that their privacy is protected, it should be protected by default.
Additional context
Screenshot of uMatrix connecting my home instance:
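The proxy endpoint requested above has to decide which upstream URLs it will fetch. The following is an added example, not code from the issue or from Nextcloud, sketched in Python. It assumes the `<base64>` segment is the base64url-encoded upstream screenshot URL; the function names and the length limit are hypothetical.

```python
import base64
import hashlib
from urllib.parse import urlsplit

# The one upstream host named in the issue; nothing else may be fetched.
ALLOWED_HOST = "usercontent.apps.nextcloud.com"
MAX_TOKEN_LEN = 2048  # assumed bound on the <base64> path segment


def encode_token(url: str) -> str:
    """Build the <base64> segment: URL-safe alphabet, padding stripped."""
    return base64.urlsafe_b64encode(url.encode("utf-8")).decode("ascii").rstrip("=")


def resolve_token(token: str) -> str:
    """Return the upstream URL for a token, or raise ValueError.

    A proxy that fetched whatever URL the client encoded would be an open
    relay into the server's network (SSRF), so only https URLs on
    ALLOWED_HOST, without userinfo or a non-default port, are accepted.
    """
    if not token or len(token) > MAX_TOKEN_LEN:
        raise ValueError("bad token length")
    try:
        padded = token + "=" * (-len(token) % 4)
        url = base64.b64decode(padded, altchars=b"-_", validate=True).decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError("token is not base64url-encoded UTF-8") from exc
    # Recent urlsplit versions strip tabs/newlines; reject them so the string
    # that was validated is the string that gets fetched.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        raise ValueError("control or space character in URL")
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise ValueError("malformed URL") from exc
    if parts.scheme != "https":
        raise ValueError("scheme must be https")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo not allowed")
    if parts.hostname != ALLOWED_HOST or port not in (None, 443):
        raise ValueError("host or port not allowlisted")
    return url


def cache_key(url: str) -> str:
    """File name for the instance-side cached copy of a screenshot."""
    return hashlib.sha256(url.encode("utf-8")).hexdigest()
```

The server-side fetch that consumes the returned URL should also refuse redirects to any other host, otherwise the allowlist check can be sidestepped by the upstream response.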