Hello, when I learned more about OnlyOffice, I found this; maybe it will meet your need without changing Seafile code (or wait for the future version).
Later we will implement a more advanced solution JWT and inform you about it.
In the current version of DS you may restrict access from alternative file storages by editing Document Server configuration file /etc/onlyoffice/documentserver/default.json. Find the section 'filter' and change it to the following look:
After editing configuration file use the command 'supervisorctl restart all'.
As you are using Docker version at first enter the container with 'docker exec -it container_ID /bin/bash' and then perform previously mentioned operations.
Thank you for the interest in ONLYOFFICE.
And we will look into the JWT token solution later if it is necessary.
Thanks for the info but it is necessary to implement the token solution. Changing the code inside the docker containers is not a solution and could be incompatible any time.
There are updates for the docker images and they are replaced entirely for the document server. Messing with the code is not a good idea.
I have tested editing the .json file in the docker image, and whilst it does seem to work, like @DerDanilo says, this isn’t a supported change of config to the container and any future update may alter this leaving the deployment open again without any notification.
The PR linked above is now outdated. Is there any interest in reviving it?
Right now, anyone can open a document for viewing and switch to editing, or guess the key (it’s computed from public information) and connect directly to OnlyOffice. Moreover, it’s easy for a user to change their username. These are rather big security flaws.
I don't think that this really does the trick.
Most users use the recommended way with docker and nginx reverse proxy. If you now limit the onlyoffice to 127.0.0.1 or a domain, it's still exposed because the reverse proxy itself can still access it (and there is no way to change this because the user has to access the server).
You can only limit access if the onlyoffice and seafile server share a private secret.
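The shared-secret idea raised in this thread, as an added example that is not part of any post and is not Seafile or ONLYOFFICE code: the file-storage side signs the editor configuration as an HS256 JWT, and the document-server side rejects any configuration whose signature does not verify, so a client cannot switch `view` to `edit` or rename the user. The function names, the secret and the sample configuration are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_config(config: dict, secret: bytes) -> str:
    """File-storage side: wrap the editor config in a compact HS256 JWT."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(config, sort_keys=True).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_config(token: str, secret: bytes) -> dict:
    """Document-server side: return the signed config or raise ValueError."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token choose "none" or another scheme.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    secret = b"constructed-shared-secret"
    config = {"document": {"key": "doc-key-1"},
              "editorConfig": {"mode": "view", "user": {"name": "alice"}}}
    token = sign_config(config, secret)
    print("accepted:", verify_config(token, secret))
    # A client that rewrites the payload but cannot re-sign it is rejected.
    head, _, sig = token.split(".")
    config["editorConfig"] = {"mode": "edit", "user": {"name": "admin"}}
    forged = f"{head}.{b64url(json.dumps(config).encode())}.{sig}"
    try:
        verify_config(forged, secret)
    except ValueError as err:
        print("rejected:", err)
```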