mirror of
https://github.com/nextcloud/documentation.git
synced 2026-01-03 02:09:45 +07:00
58 lines
1.7 KiB
ReStructuredText
58 lines
1.7 KiB
ReStructuredText
.. _security:
|
|
|
|
========
|
|
Security
|
|
========
|
|
|
|
Remote Host Validation
|
|
----------------------
|
|
|
|
Nextcloud can help validating a remote host so that no internal infrastructure is contacted by user-provided host names or IPs. The validator ``\OCP\Security\IRemoteHostValidator`` can be :ref:`injected<dependency-injection>` into any app class:
|
|
|
|
.. code-block:: php
|
|
|
|
<?php
|
|
|
|
use OCP\Security\IRemoteHostValidator;
|
|
|
|
class MyRemoteServerIntegration {
|
|
private IRemoteHostValidator $hostValidator;
|
|
|
|
public function __construct(IRemoteHostValidator $hostValidator) {
|
|
$this->hostValidator = $hostValidator;
|
|
}
|
|
|
|
public function contactRemoteServer(string $hostname): void {
|
|
if (!$this->hostValidator->isValid($hostname)) {
|
|
// ABORT
|
|
}
|
|
|
|
// Contact the server
|
|
}
|
|
}
|
|
|
|
.. note:: Nextcloud's HTTP clients obtained from ``\OCP\Http\Client\IClientService`` have this validation built in so you don't have to check hosts of HTTP requests as long as you use this provided abstraction.
|
|
|
|
Trusted domain
|
|
----------------
|
|
|
|
In some cases it might be required that an app checks that a user given link is one of the current instance.
|
|
This is possible with the ``OCP\Security\ITrustedDomainHelper``:
|
|
|
|
.. code-block:: php
|
|
|
|
<?php
|
|
|
|
declare(strict_types=1);
|
|
use OCP\Security\ITrustedDomainHelper;
|
|
|
|
$helper = \OC::$server->get(ITrustedDomainHelper::class);
|
|
|
|
// Compare a full URL example given
|
|
$url = 'https://localhost/nextcloud/index.php/apps/files/';
|
|
$helper->isTrustedUrl($url);
|
|
|
|
// Compare a domain and port
|
|
$domain = 'example.tld:8443';
|
|
$helper->isTrustedDomain($domain);
|