Installing 8.0.2 broke my OnlyOffice integration. Trying to open any document leads to: “Sicherheitstoken des Dokuments ist nicht korrekt. Wenden Sie sich an Ihren Systemadministrator” (in english: “The documents security token is not correct. Please contact your system administrator.”
The security token is defined in seahub_settings.py:
# Enable Only Office
ENABLE_ONLYOFFICE = True
VERIFY_ONLYOFFICE_CERTIFICATE = True
ONLYOFFICE_APIJS_URL = ‘https://mydomain.mydyndns.com/onlyofficeds/web-apps/apps/api/documents/api.js’
ONLYOFFICE_FILE_EXTENSION = (‘doc’, ‘docx’, ‘ppt’, ‘pptx’, ‘xls’, ‘xlsx’, ‘odt’, ‘fodt’, ‘odp’, ‘fodp’, ‘ods’, ‘fods’)
ONLYOFFICE_EDIT_FILE_EXTENSION = (‘docx’, ‘pptx’, ‘xlsx’)
ONLYOFFICE_JWT_SECRET = ‘mySecret’
For OnlyOffice I use a custom local.json where the security token is defined:
{
“services”: {
“CoAuthoring”: {
“sql”: {
“type”: “postgres”,
“dbHost”: “localhost”,
“dbPort”: “5432”,
“dbName”: “onlyoffice”,
“dbUser”: “onlyoffice”,
“dbPass”: “onlyoffice”
},
“redis”: {
“host”: “localhost”
},
“token”: {
“enable”: {
“request”: {
“inbox”: true,
“outbox”: true
},
“browser”: true
},
“inbox”: {
“header”: “Authorization”
},
“outbox”: {
“header”: “Authorization”
}
},
“secret”: {
“inbox”: {
“string”: “mySecret”
},
“outbox”: {
“string”: “mySecret”
},
“session”: {
“string”: “mySecret”
}
}
}
},
“rabbitmq”: {
“url”: “amqp://guest:guest@localhost”
}
}
OnlyOffice docker is started like this:
sudo docker run -dit -p 88:80 -v /home/seafile/conf/local.json:/etc/onlyoffice/documentserver/local.json --restart always --name oods onlyoffice/documentserver
Deactivating the security token brings OnlyOffice back to life, but of course I’m not keen on leaving the access unsecured.
Where should I start investigating?