b0esche/b0esche_cloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update WOPISrc URL to include access_token for Collabora and remove unnecessary hidden input

Browse Source
This commit is contained in:
Leon Bösche
2026-02-05 16:01:05 +01:00
parent 9eac0fe178
commit c49b2d2805
2 changed files with 6 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
go_cloud/api
View File

Binary file not shown.

17
go_cloud/internal/http/wopi_handlers.go
View File

@@ -872,21 +872,17 @@ func collaboraProxyHandler(w http.ResponseWriter, r *http.Request, db *database.
return
}
// Build WOPISrc URL (without access_token - Collabora will use Authorization header)
wopiSrc := fmt.Sprintf("https://go.b0esche.cloud/wopi/files/%s", fileID)
// Build WOPISrc URL (include access_token for Collabora)
wopiSrc := fmt.Sprintf("https://go.b0esche.cloud/wopi/files/%s?access_token=%s", fileID, accessToken)
// Get the correct Collabora editor URL from discovery (includes version hash)
editorURL := getCollaboraEditorURL(collaboraURL)
// URL-encode the WOPISrc for use in the form action URL (Collabora requires this)
encodedWopiSrc := url.QueryEscape(wopiSrc)
// Build the full Collabora URL with WOPISrc as query parameter
collaboraFullURL := fmt.Sprintf("%s?WOPISrc=%s", editorURL, encodedWopiSrc)
// WOPISrc is passed unencoded in the query parameter
collaboraFullURL := fmt.Sprintf("%s?WOPISrc=%s", editorURL, wopiSrc)
// Return HTML page with auto-submitting form
// The form POSTs to Collabora with access_token in the body
// WOPISrc must be in the URL as a query parameter
// No access_token needed in body since it's in WOPISrc
htmlContent := fmt.Sprintf(`<!DOCTYPE html>
<html>
<head>
@@ -904,7 +900,6 @@ func collaboraProxyHandler(w http.ResponseWriter, r *http.Request, db *database.
<p>Loading Collabora Online...</p>
</div>
<form method="POST" action="%s" target="_self" id="collaboraForm" style="display: none;">
<input type="hidden" id="access_token" name="access_token" value="%s">
</form>
<script>
// Auto-submit the form to Collabora
@@ -917,7 +912,7 @@ func collaboraProxyHandler(w http.ResponseWriter, r *http.Request, db *database.
}
</script>
</body>
</html>`, collaboraFullURL, accessToken, collaboraFullURL)
</html>`, collaboraFullURL, collaboraFullURL)
w.Header().Set("Content-Type", "text/html; charset=utf-8")
// Don't set X-Frame-Options - this endpoint is meant to be loaded in an iframe