- Collabora Online requires POST request with WOPISrc in form body
- GET requests with query parameters cause 400 Bad Request
- Using modern /cool/ endpoint with form submission to iframe
- Use window load event to ensure form element exists before submission
- Add allow-popups-to-escape-sandbox for cross-origin form POSTs
- Add allow-presentation for better compatibility
- Improved error logging for debugging form submission issues
- Collabora requires POST request to /loleaflet/dist/loleaflet.html
- WOPISrc must be in request body as form parameter
- Form targets iframe by name for proper document loading
- Matches WOPI/Collabora standard integration pattern
- Changed from form POST submission to direct iframe load
- WOPISrc goes in Collabora URL query string, not as form parameter
- This matches Collabora's expected request format for WOPI integration
- The collaboraProxyHandler endpoint is intentionally meant to load in an iframe
- X-Frame-Options: SAMEORIGIN was blocking cross-origin iframe loads
- Removed the header to allow the Flutter web frontend to embed the proxy page
Go backend:
- Fix WOPI models file (remove duplicate package declaration and syntax errors)
- Add GetOrgMember method to database as alias for GetUserMembership
- Add UpdateFileSize method to database
- Remove unused net/url import from wopi_handlers.go
- Fix field names in WOPI struct initializers (match JSON tags)
Flutter frontend:
- Remove webview_flutter import (use simpler placeholder for now)
- Fix _createWOPISession to safely access SessionBloc state
- Replace WebViewController usage with placeholder UI
- Remove unused _generateRandomHex methods from login/signup forms
- Add missing mimeType parameter to DocumentCapabilities in mock repository
- Remove unused local variables in file_browser_bloc
- Add GenerateWithDuration method to JWT manager to support custom expiration times
- Update viewerHandler and userViewerHandler to generate viewer-specific tokens with 24-hour expiration
- This fixes the issue where PDF viewer fails due to token expiration within 15 minutes
- Add [VIEWER-SESSION] logging to track viewer session creation
- Tokens now remain valid long enough for users to view, navigate, and interact with PDFs
- Clear file lists in ResetFileBrowser to prevent org files showing in personal workspace
- Include JWT token as query parameter in PDF download URL for viewer compatibility
- Remove Authorization header from SfPdfViewer (browser security restrictions)
- Fix mock repository EditorSession to include required token parameter
- Export ContextKey type and context keys from middleware package
- Use exported keys (UserKey, SessionKey, TokenKey, OrgKey) in handlers
- Fixes panic: interface conversion: interface {} is nil, not uuid.UUID
- The middleware was setting context with contextKey type but handlers
were retrieving with string type, causing nil value lookup failure
- Replace manual form encoding with url.Values.Encode() for proper URL encoding
- Fixes issue where passwords with special characters were malformed
- Ensures password sent to Nextcloud matches password stored in database
- This fixes WebDAV authentication failures for auto-provisioned users
