Jörn Friedrich Dreyer
Jörn Friedrich Dreyer
AFAIU this issue is about adding a CSP by reading it from the apps `manifest.json`. The admin can override the CSP with a `config.json`. Regarding security I'd prefer the `manifest.json`...
hm allowing a CSP to `raw.githubusercontent.com` seems to open a can of worms, doesn't it? anyone can host content there.
ok, the URLs can contain path, so we can limit it to our web app. Still, I would prefer the web ui to show an explanation of what the admin...
> > ok, the URLs can contain path, so we can limit it to our web app. > > Still, I would prefer the web ui to show an explanation...
The reason for different prefixes is to allow changing the configuration of individual services when running in a single process. We shoud phase out as many service specific variables as...
And we need to clarify how config parsing works in the docs https://owncloud.dev/ocis/config/
nice! hm ... I'm nut sure this produces what we expect, when an admin has currently provided a csp rule file where he dropped eg the rules to github. would...
Hm, they would be granted access to the _storage spaces_ that were shared with them ... Something related to a more dynamic storage registry that is able to answer the...
ok ... afaict we need te intreduce interfaces for trash, trash nodes, revisions and revision nodes before we can introduce a real node metadata abstraction.
I am no longer working on this. Feel free to pick it up. I'll happily review.