Remove Font-Upload + Note of fonts.json from settings when using central Collabora backend server

[mrimann]

Is your feature request related to a problem? Please describe. In a setup where multiple Nextcloud Server Instances share a central Collabora Server for editing files, we ran into an issue related to uploading custom Font Files.

We struggled about the "Make sure to set this URL" instructions below the list of fonts. In a setup with a shared Collabora backend server, they are misleading under certain circumstances:

If the user has an own Collabora server that he can control/configure to his taste, all is fine. In this case, the user can add the /apps/richdocuments/settings/fonts.json-URLs of one or multiple of the Nextcloud instances.

(This results in Collabora fetching those JSON URLs each minute, downloading each and every mentioned/linked Font-File and then offering all of the fonts to each and every user - independent of the "source" Nexctcloud from which the user connects to edit a file. But that's a different story.)

In the above mentioned scenario, it's definitely not possible to securely let one Nextcloud instance "publish" their fonts towards Collabora without sharing it with whoever by chance also uses the same Collabora backend-server.

This in turn

• makes uploading fonts in the Settings of the Office in /settings/admin/richdocuments senseless
• irritates the user to see the "Make sure to set this URL" note below the list of Fonts

Describe the solution you'd like Either make it possible to not show the whole Font-Upload / "Make sure to set this URL" section in case an external Collabora-Server is being used. Probably via a separate configuration option.

Or, if that's possible in conjunction with the Collabora backend server, to only fetch/use the Fonts that Nextcloud-Instance-A presents in it's JSON file also to users of Nextcloud-Instance-A when they edit a file - but not to users of Nextcloud-Instance-B when they edit a document on the same Collabora Backend server.

Describe alternatives you've considered Checked whether there already is such a feature-flag or something in the code to remove the note and/or the font-list/font-upload. Didn't find any of those.

Additional context One might think about the privacy/security aspect of the publicly available fonts again. Consider a customer using this upload to use e.g. a licensed font file. Having this (unintentionally) made public could cause some problems.

[damienvancouver]

a customer actually just asked us for this, in this exact situation. They have some custom google fonts they bought, they want them in collabora... but it's a shared CODE backend with several small NC instances pointed at it.

Or, if that's possible in conjunction with the Collabora backend server, to only fetch/use the Fonts that Nextcloud-Instance-A presents in it's JSON file also to users of Nextcloud-Instance-A when they edit a file - but not to users of Nextcloud-Instance-B when they edit a document on the same Collabora Backend server.

This seems like the best solution, if it is possible. The most secure solution would be to have one collabora backend per instance. But it's very resource intensive if you have lots of small instances where 99.9% of the time not even one user is editing.