Closed amrita-shrestha closed 4 days ago
@amrita-shrestha There is a security mechanism called „proof keys“ which prevents that api call.
It should not give a 500 error though (@jvillafanez please check which could be an appropriate response code)
You can disable proof key validation for testing purposes.
@amrita-shrestha There is a security mechanism called „proof keys“ which prevents that api call.
It should not give a 500 error though (@jvillafanez please check which could be an appropriate response code)
You can disable proof key validation for testing purposes.
i will update issue according to your comment
When validating proof keys, if a request isn't signed properly, the host must return a 500 Internal Server Error
According to the logs, no proof key has been sent, so I think it can fall under that case. I don't see any other information about the proper error code we should send.
its look expected behavior so closing this issue
When validating proof keys, if a request isn't signed properly, the host must return a 500 Internal Server Error
According to the logs, no proof key has been sent, so I think it can fall under that case. I don't see any other information about the proper error code we should send.
We could also return status 400.
There are some headers that should be filled for a proper validation (https://github.com/owncloud/ocis/blob/master/services/collaboration/pkg/middleware/proofkeys.go#L42-L52), so we could return a 400 if any of them is missing or with an empty value. However, I think we should still return a 500 if the "official" validation fails, as it's documented. I think this is a good compromise.
Describe the bug
try to get file info inside projects using wopi, which returns 500 when COLLABORATION_APP_PROOF_DISABLE set to true
Steps to reproduce
test.txt
inside project spacenew-space
/app/open?app_name=$app&file_id=$fileId&view_mode=$viewMode
returnsExpected behavior
HTTP status code should not be 500
Actual behavior
Returns 500 status code
Setup
Please describe how you started the server and provide a list of relevant environment variables or configuration files.
```console ownCloud Infinite Scale Edition Community Version 6.4.0+ee8a3d48b Web client version 10.3.0 ```