At any point, we will want to implement an upload mechanism in our nextcloud integration. Uploads with the Nextcloud API need logic in the frontend, especially for uploading folders or big files that need chunking.

CORS

Nextcloud has a very restrictive CORS policy, forbidding sending requests to the API from browsers, that are not same origin. For the upload, this will be necessary, as mentioned above. The proposed solution is, using the nextcloud extension WebAppPassword to whitelist additional domains to the CORS policy. In a succeeding step we can check the code of the WebAppPassword , to reimplement the configuration of whitelisted domains to eliminate the need of manual configuration.

Authentication

As the authentication is done by the backend (see explanation), the question remains, how the frontend would authenticate an upload request. Here nextcloud's app passwords could solve the issue. Those are generated, permanent passwords, that can be used together with this user's name in a request.

possible workflow

• do everything, that is needed to authenticate in backend (different worklow)
• send request to OP backend asking for access to nextcloud's webdav api for file upload
• backend generates an app password for the linked nextcloud user of the currently logged in OP user
• backend responds with the nc user credentials (username and app password)
• frontend makes upload request
• when frontend is done (success, abort or error) it tells backend to revoke app password und invalidate the access
• HINT: backend would need to revoke access in any case, even when frontend doesn't come back with success. After a fixed time?