Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wopi proof keys #118

Open
wkloucek opened this issue Apr 13, 2023 · 1 comment
Open

wopi proof keys #118

wkloucek opened this issue Apr 13, 2023 · 1 comment
Labels
enhancement

Comments

@wkloucek
Copy link
Contributor

I just stumbled across this feature of WOPI, which I didn't know before and thought it's worth to be shared:

https://learn.microsoft.com/en-us/microsoft-365/cloud-storage-partner-program/online/scenarios/proofkeys describes a way to verify that requests are coming from a web office application.

It is also at least supported by OnlyOffice https://api.onlyoffice.com/editors/wopi/proofkeys
@glpatcern
Copy link
Member

glpatcern commented Apr 25, 2023
edited
Loading

Yes, this was (implicitly) included in #76. The implementation is not that straightforward though, especially as we have moved the discovery part to reva, and therefore the keys would need to be passed from reva to wopiserver at each /openinapp call (which is suboptimal) or with some other mechanism.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@glpatcern @wkloucek