From 09eebe3feafe27e6bb9067997bfc72b71aecdbea Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Tue, 7 Dec 2021 14:29:58 +0100
Subject: [PATCH] Add documentation about OCP\Security\ITrustedDomainHelper

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 developer_manual/digging_deeper/index.rst    |  1 +
 developer_manual/digging_deeper/security.rst | 28 ++++++++++++++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 developer_manual/digging_deeper/security.rst

diff --git a/developer_manual/digging_deeper/index.rst b/developer_manual/digging_deeper/index.rst
index 83aaf92ce..0387a48b0 100644
--- a/developer_manual/digging_deeper/index.rst
+++ b/developer_manual/digging_deeper/index.rst
@@ -27,3 +27,4 @@ Digging deeper
    groupware/index
    web_host_metadata
    status
+   security
diff --git a/developer_manual/digging_deeper/security.rst b/developer_manual/digging_deeper/security.rst
new file mode 100644
index 000000000..4ff169715
--- /dev/null
+++ b/developer_manual/digging_deeper/security.rst
@@ -0,0 +1,28 @@
+.. _security:
+
+========
+Security
+========
+
+Trusted domain
+----------------
+
+In some cases it might be required that an app checks that a user given link is one of the current instance.
+This is possible with the ``OCP\Security\ITrustedDomainHelper``:
+
+.. code-block:: php
+
+    <?php
+
+    declare(strict_types=1);
+    use OCP\Security\ITrustedDomainHelper;
+
+    $helper = \OC::$server->get(ITrustedDomainHelper::class);
+
+    // Compare a full URL example given
+    $url = 'https://localhost/nextcloud/index.php/apps/files/';
+    $helper->isTrustedUrl($url);
+
+    // Compare a domain and port
+    $domain = 'example.tld:8443';
+    $helper->isTrustedDomain($domain);