Cannot "Share Link" on any folder/file on External Storage (UNAUTHORIZED WOPI HOST error)

[busted-it-guy]

Steps to reproduce

1. Install Nextcloud and Collabora
2. Once you can live edit between users logged in and you know the Collabora functionality is working, select the "Share Link" on a spreadsheet file that is using the "External Storage Support" app (with or without editing, doesn't matter), and copy the link into an incognito window
3. Try to access the link

Expected behaviour

Tell us what should happen

The spreadsheet should open up and allow editing

Actual behaviour

Tell us what happens instead

The Collabora interface comes up as if it is going to open the spreadsheet, but you receive "Unauthorized WOPI host. Please try again later and report to your administrator if the issue persists."

If you use the "share link" on a test spreadsheet inside the user home folder or personal folders (not external), you are able to live edit the file with no issues via the "Share Link"

Server configuration

Operating system: Ubuntu 16.04.02

Web server: Apache 2.4.18

Database: MariaDB

PHP version: 7.0.18

**Nextcloud version: 12.0.0

Updated from an older Nextcloud/ownCloud or fresh install:
Fresh Install

Where did you install Nextcloud from:
Followed tutorial:

https://www.linuxbabe.com/cloud-storage/setup-nextcloud-server-ubuntu-16-04-apache-mariadb-php7

Signing status:

Signing status

Login as admin user into your Nextcloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.

No errors have been found
.
</details>

**List of activated apps:**
<details>
<summary>App list</summary>

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder

</details>

**The content of config/config.php:**
<details>
<summary>Config report</summary>

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

"Your data directory is readable by other users
Please change the permissions to 0770 so that the directory cannot be listed by other users.

An unhandled exception has been thrown:
Exception: Environment not properly prepared. in /var/www/nextcloud/lib/private/Console/Application.php:145
Stack trace:
#0 /var/www/nextcloud/console.php(91): OC\Console\Application->loadCommands(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#1 /var/www/nextcloud/occ(11): require_once('/var/www/nextcl...')
"

This error above is thrown because I am testing with 777 but if I set it to 770, I get the error "Internal Server Error" and not the current "Unauthorized WOPI host"

Are you using external storage, if yes which one: local/smb/sftp/...
SMB/CIFS as well as "local" to point to a mount point.

Are you using encryption: yes/no
No

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
For some installations I have LDAP, but with the last few test installs I have had only local authentication enabled

Client configuration

Browser:
Any

Operating system:
Any

Logs

Web server error log

Web server error log

``` Insert your webserver log here ```

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

config.php info

``` 'ocqoowv5yrwv', 'passwordsalt' => 'oycJMmsh3456j3R+Veu8KVjS', 'secret' => 'kADb5A8fqdqewfFlt2j8//Nq4KWYjDEY2NRITGNJ57rupFI0UYO4hyte', 'trusted_domains' => array ( 0 => 'digitalfile.mydomain.com', ), 'datadirectory' => '/var/www/nextcloud-data/', 'overwrite.cli.url' => 'http://digitalfile.mydomain.com', 'dbtype' => 'mysql', 'version' => '12.0.0.29', 'dbname' => 'nextcloud', 'dbhost' => 'localhost', 'dbport' => '', 'dbtableprefix' => 'oc_', 'dbuser' => 'nextclouduser', 'dbpassword' => 'my-db-password', 'installed' => true, ```

Nextcloud log (data/nextcloud.log)

Nextcloud log

``` The output of your Nextcloud log in Admin > Logging:

Error files Backends provided no user object for 2017-05-31T09:49:27-0500
Error files Backends provided no user object for 2017-05-31T09:45:08-0500
Error files Backends provided no user object for 2017-05-31T09:30:55-0500
Error files Backends provided no user object for 2017-05-31T08:58:16-0500
Error files Backends provided no user object for 2017-05-31T08:57:05-0500
Error files Backends provided no user object for 2017-05-31T08:48:36-0500
Error files Backends provided no user object for 2017-05-31T08:48:00-0500

</details>

#### Apache error log
<details>
<summary>Apache Error Log</summary>

[Wed May 31 07:36:23.593546 2017] [mpm_event:notice] [pid 3725:tid 140150741120896] AH00489: Apache/2.4.18 (Ubuntu) configured -- resuming normal operations
[Wed May 31 07:36:23.593685 2017] [core:notice] [pid 3725:tid 140150741120896] AH00094: Command line: '/usr/sbin/apache2'
[Wed May 31 07:41:15.895213 2017] [mpm_event:notice] [pid 3725:tid 140150741120896] AH00491: caught SIGTERM, shutting down
[Wed May 31 07:41:16.990269 2017] [mpm_prefork:notice] [pid 13889] AH00163: Apache/2.4.18 (Ubuntu) configured -- resuming normal operations
[Wed May 31 07:41:16.990362 2017] [core:notice] [pid 13889] AH00094: Command line: '/usr/sbin/apache2'
[Wed May 31 07:41:18.430652 2017] [mpm_prefork:notice] [pid 13889] AH00169: caught SIGTERM, shutting down
[Wed May 31 07:41:19.700143 2017] [mpm_prefork:notice] [pid 13999] AH00163: Apache/2.4.18 (Ubuntu) configured -- resuming normal operations
[Wed May 31 07:41:19.700206 2017] [core:notice] [pid 13999] AH00094: Command line: '/usr/sbin/apache2'
[Wed May 31 07:41:45.258897 2017] [mpm_prefork:notice] [pid 13999] AH00169: caught SIGTERM, shutting down
[Wed May 31 07:41:46.413058 2017] [mpm_prefork:notice] [pid 16405] AH00163: Apache/2.4.18 (Ubuntu) configured -- resuming normal operations
[Wed May 31 07:41:46.413126 2017] [core:notice] [pid 16405] AH00094: Command line: '/usr/sbin/apache2'
[Thu Jun 01 09:00:11.354334 2017] [mpm_prefork:notice] [pid 16405] AH00169: caught SIGTERM, shutting down
[Thu Jun 01 09:00:12.464774 2017] [mpm_prefork:notice] [pid 21968] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Thu Jun 01 09:00:12.464862 2017] [core:notice] [pid 21968] AH00094: Command line: '/usr/sbin/apache2'
[Thu Jun 01 09:51:21.362728 2017] [mpm_prefork:notice] [pid 21968] AH00169: caught SIGTERM, shutting down
[Thu Jun 01 09:51:58.512394 2017] [mpm_prefork:notice] [pid 1246] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Thu Jun 01 09:51:58.561522 2017] [core:notice] [pid 1246] AH00094: Command line: '/usr/sbin/apache2'
[Thu Jun 01 10:01:17.702667 2017] [mpm_prefork:notice] [pid 1246] AH00171: Graceful restart requested, doing restart
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
[Thu Jun 01 10:01:17.784676 2017] [ssl:warn] [pid 1246] AH01906: fc679a5a7dea26dc414127a87f7c7895.1f145eabeada66f9ae9aed42f2eaa8e3.acme.invalid:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jun 01 10:01:17.784823 2017] [mpm_prefork:notice] [pid 1246] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Thu Jun 01 10:01:17.784831 2017] [core:notice] [pid 1246] AH00094: Command line: '/usr/sbin/apache2'
[Thu Jun 01 10:01:24.017695 2017] [mpm_prefork:notice] [pid 1246] AH00171: Graceful restart requested, doing restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
[Thu Jun 01 10:01:24.092194 2017] [mpm_prefork:notice] [pid 1246] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Thu Jun 01 10:01:24.092216 2017] [core:notice] [pid 1246] AH00094: Command line: '/usr/sbin/apache2'
[Thu Jun 01 10:01:24.839848 2017] [mpm_prefork:notice] [pid 1246] AH00171: Graceful restart requested, doing restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
[Thu Jun 01 10:01:24.911334 2017] [mpm_prefork:notice] [pid 1246] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Thu Jun 01 10:01:24.911349 2017] [core:notice] [pid 1246] AH00094: Command line: '/usr/sbin/apache2'
[Thu Jun 01 10:01:41.705900 2017] [mpm_prefork:notice] [pid 1246] AH00171: Graceful restart requested, doing restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
[Thu Jun 01 10:01:41.777610 2017] [mpm_prefork:notice] [pid 1246] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Thu Jun 01 10:01:41.777627 2017] [core:notice] [pid 1246] AH00094: Command line: '/usr/sbin/apache2'
[Thu Jun 01 10:02:30.205863 2017] [mpm_prefork:notice] [pid 1246] AH00171: Graceful restart requested, doing restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
[Thu Jun 01 10:02:30.286307 2017] [mpm_prefork:notice] [pid 1246] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Thu Jun 01 10:02:30.286326 2017] [core:notice] [pid 1246] AH00094: Command line: '/usr/sbin/apache2'
[Thu Jun 01 10:19:04.740071 2017] [mpm_prefork:notice] [pid 1246] AH00169: caught SIGTERM, shutting down
[Thu Jun 01 10:22:38.535060 2017] [mpm_prefork:notice] [pid 6800] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Thu Jun 01 10:22:38.535128 2017] [core:notice] [pid 6800] AH00094: Command line: '/usr/sbin/apache2'
[Thu Jun 01 10:22:55.813179 2017] [mpm_prefork:notice] [pid 6800] AH00169: caught SIGTERM, shutting down
[Thu Jun 01 10:23:39.948062 2017] [mpm_prefork:notice] [pid 1380] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Thu Jun 01 10:23:39.959632 2017] [core:notice] [pid 1380] AH00094: Command line: '/usr/sbin/apache2'
[Thu Jun 01 10:24:11.429947 2017] [proxy_http:error] [pid 1790] (103)Software caused connection abort: [client 192.168.50.146:36082] AH01102: error reading status line from remote server 127.0.0.1:9980
[Thu Jun 01 10:24:11.430009 2017] [proxy:error] [pid 1790] [client 192.168.50.146:36082] AH00898: Error reading from remote server returned by /hosting/discovery
[Thu Jun 01 10:24:27.083983 2017] [proxy_http:error] [pid 1443] (103)Software caused connection abort: [client 192.168.50.146:36088] AH01102: error reading status line from remote server 127.0.0.1:9980
[Thu Jun 01 10:24:27.084022 2017] [proxy:error] [pid 1443] [client 192.168.50.146:36088] AH00898: Error reading from remote server returned by /hosting/discovery
[Thu Jun 01 10:27:03.885744 2017] [mpm_prefork:notice] [pid 1380] AH00169: caught SIGTERM, shutting down
[Thu Jun 01 10:27:47.994886 2017] [mpm_prefork:notice] [pid 1371] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Thu Jun 01 10:27:48.004119 2017] [core:notice] [pid 1371] AH00094: Command line: '/usr/sbin/apache2'

Docker log

Docker log

``` wsd-00026-00040 14:44:54.863540 [ docbroker_002 ] ERR Socket #19 SSL BIO error: closed (0).| ./net/SslSocket.hpp:255 wsd-00026-00040 14:44:54.863652 [ docbroker_002 ] ERR Socket #19 SSL BIO error: error:140D00CF:SSL routines:SSL_write:protocol is shutdown (errno: Success)| ./net/SslSocket.hpp:273 wsd-00026-00040 14:44:54.863722 [ docbroker_002 ] WRN ToClient-0004: Exception while closing socket for docKey [digitalfile.my-domain.com:443/index.php/apps/richdocuments/wopi/files/148_ocqoowv5yrwv]: error:140D00CF:SSL routines:SSL_write:protocol is shutdown| wsd/ClientSession.cpp:805 wsd-00026-00027 14:44:54.870671 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_002], started: true, finished: true| ./net/Socket.hpp:507 wsd-00026-00027 14:44:54.870722 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_002], started: true, finished: true| ./net/Socket.hpp:507 wsd-00026-00027 14:44:54.870792 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_002], started: false, finished: true| ./net/Socket.hpp:507 wsd-00026-00027 14:44:54.870839 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_002], started: false, finished: true| ./net/Socket.hpp:507 wsd-00026-00034 14:45:07.758268 [ websrv_poll ] WRN WOPI host did not pass optional access_token_ttl| wsd/FileServer.cpp:317 wsd-00026-00050 14:45:08.026504 [ docbroker_003 ] ERR WOPI::CheckFileInfo failed and no JSON payload returned. Access denied.| wsd/Storage.cpp:496 wsd-00026-00050 14:45:08.026611 [ docbroker_003 ] ERR Error while handling loading : Access denied.| wsd/LOOLWSD.cpp:2113 wsd-00026-00050 14:45:08.027202 [ docbroker_003 ] WRN Attempted ping on non-upgraded websocket!| ./net/WebSocketHandler.hpp:285 wsd-00026-00050 14:45:08.041700 [ docbroker_003 ] WRN Child session [000a] not found to forward message: load url=https://digitalfile.my-domain.com/index.php/apps/richdocuments/wopi/files/141_ocqoowv5yrwv?access_token=NQyZu0yiZTYdOVlNkva21khvR1Ut5Xgb&access_token_ttl=0&permission=edit readonly=0 lang=en| wsd/DocumentBroker.cpp:1272 wsd-00026-00050 14:45:08.042720 [ docbroker_003 ] ERR Socket #15 SSL BIO error: closed (0).| ./net/SslSocket.hpp:255 wsd-00026-00050 14:45:08.042818 [ docbroker_003 ] ERR Socket #15 SSL BIO error: error:140D00CF:SSL routines:SSL_write:protocol is shutdown (errno: Success)| ./net/SslSocket.hpp:273 wsd-00026-00050 14:45:08.042939 [ docbroker_003 ] WRN ToClient-000a: Exception while closing socket for docKey [digitalfile.my-domain.com:443/index.php/apps/richdocuments/wopi/files/141_ocqoowv5yrwv]: error:140D00CF:SSL routines:SSL_write:protocol is shutdown| wsd/ClientSession.cpp:805 wsd-00026-00027 14:45:08.043590 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_003], started: true, finished: true| ./net/Socket.hpp:507 wsd-00026-00027 14:45:08.043669 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_003], started: true, finished: true| ./net/Socket.hpp:507 wsd-00026-00027 14:45:08.043744 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_003], started: false, finished: true| ./net/Socket.hpp:507 wsd-00026-00027 14:45:08.043842 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_003], started: false, finished: true| ./net/Socket.hpp:507 wsd-00026-00034 14:49:27.251957 [ websrv_poll ] WRN WOPI host did not pass optional access_token_ttl| wsd/FileServer.cpp:317 wsd-00026-00054 14:49:27.560354 [ docbroker_004 ] ERR WOPI::CheckFileInfo failed and no JSON payload returned. Access denied.| wsd/Storage.cpp:496 wsd-00026-00054 14:49:27.560465 [ docbroker_004 ] ERR Error while handling loading : Access denied.| wsd/LOOLWSD.cpp:2113 wsd-00026-00054 14:49:27.561156 [ docbroker_004 ] WRN Attempted ping on non-upgraded websocket!| ./net/WebSocketHandler.hpp:285 wsd-00026-00054 14:49:27.584129 [ docbroker_004 ] WRN Child session [000d] not found to forward message: load url=https://my-domain.robbinskersten.com/index.php/apps/richdocuments/wopi/files/141_ocqoowv5yrwv?access_token=8xvjj9MLlpPD2OityIV1rxOIxpJRnlGO&access_token_ttl=0&permission=edit readonly=0 lang=en| wsd/DocumentBroker.cpp:1272 wsd-00026-00054 14:49:27.598355 [ docbroker_004 ] ERR Socket #19 SSL BIO error: closed (0).| ./net/SslSocket.hpp:255 wsd-00026-00054 14:49:27.599102 [ docbroker_004 ] ERR Socket #19 SSL BIO error: error:140D00CF:SSL routines:SSL_write:protocol is shutdown (errno: Success)| ./net/SslSocket.hpp:273 wsd-00026-00054 14:49:27.599619 [ docbroker_004 ] WRN ToClient-000d: Exception while closing socket for docKey [digitalfile.my-domain.com:443/index.php/apps/richdocuments/wopi/files/141_ocqoowv5yrwv]: error:140D00CF:SSL routines:SSL_write:protocol is shutdown| wsd/ClientSession.cpp:805 wsd-00026-00027 14:49:27.600020 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_004], started: true, finished: true| ./net/Socket.hpp:507 wsd-00026-00027 14:49:27.600214 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_004], started: true, finished: true| ./net/Socket.hpp:507 wsd-00026-00027 14:49:27.600320 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_004], started: false, finished: true| ./net/Socket.hpp:507 wsd-00026-00027 14:49:27.600407 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_004], started: false, finished: true| ./net/Socket.hpp:507 wsd-00026-00034 14:53:24.453986 [ websrv_poll ] WRN WOPI host did not pass optional access_token_ttl| wsd/FileServer.cpp:317 wsd-00026-00058 14:53:24.705373 [ docbroker_005 ] ERR WOPI::CheckFileInfo failed and no JSON payload returned. Access denied.| wsd/Storage.cpp:496 wsd-00026-00058 14:53:24.705506 [ docbroker_005 ] ERR Error while handling loading : Access denied.| wsd/LOOLWSD.cpp:2113 wsd-00026-00058 14:53:24.708928 [ docbroker_005 ] ERR #15: Wrote outgoing data -1 bytes. (errno: Broken pipe)| ./net/Socket.hpp:909 wsd-00026-00058 14:53:24.709122 [ docbroker_005 ] WRN Attempted ping on non-upgraded websocket!| ./net/WebSocketHandler.hpp:285 wsd-00026-00058 14:53:24.709688 [ docbroker_005 ] ERR #15: Wrote outgoing data -1 bytes. (errno: Broken pipe)| ./net/Socket.hpp:909 wsd-00026-00058 14:53:24.709830 [ docbroker_005 ] WRN Child session [000f] not found to forward message: load url=https://digitalfile.my-domain.com/index.php/apps/richdocuments/wopi/files/141_ocqoowv5yrwv?access_token=m5cmCGZzXJ3SnpDjmWoAsUAY5WRoWCFz&access_token_ttl=0&permission=edit readonly=0 lang=en| wsd/DocumentBroker.cpp:1272 wsd-00026-00058 14:53:24.723520 [ docbroker_005 ] ERR Socket #19 SSL BIO error: closed (0).| ./net/SslSocket.hpp:255 wsd-00026-00058 14:53:24.723720 [ docbroker_005 ] ERR Socket #19 SSL BIO error: error:140D00CF:SSL routines:SSL_write:protocol is shutdown (errno: Success)| ./net/SslSocket.hpp:273 wsd-00026-00058 14:53:24.723835 [ docbroker_005 ] WRN ToClient-000f: Exception while closing socket for docKey [digitalfile.my-domain.com:443/index.php/apps/richdocuments/wopi/files/141_ocqoowv5yrwv]: error:140D00CF:SSL routines:SSL_write:protocol is shutdown| wsd/ClientSession.cpp:805 wsd-00026-00027 14:53:24.724025 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_005], started: true, finished: true| ./net/Socket.hpp:507 wsd-00026-00027 14:53:24.724270 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_005], started: true, finished: true| ./net/Socket.hpp:507 wsd-00026-00027 14:53:24.724429 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_005], started: false, finished: true| ./net/Socket.hpp:507 wsd-00026-00027 14:53:24.724467 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_005], started: false, finished: true| ./net/Socket.hpp:507 ```

[busted-it-guy]

The problems I am having can be found in detail via the support forum:

https://help.nextcloud.com/t/unauthorized-wopi-host-using-share-link-on-any-files-folders-connected-via-the-external-storage-support-app/13423

[busted-it-guy]

The workaround to the issue (a HORRIBLE/UNMANAGEABLE workaround) is to add a line for each user in /etc/fstab to mount the share folder in EACH INDIVIDUAL user folder. When I do this, users are able to access the shared folder, Share Link, and then anyone can access that link and live edit.

//servername.domain.local/Share /var/www/nextcloud-data/UUID-for-user1/files/Share cifs gid=www-data,dir_mode=0755,uid=www-data,sec=ntlm,credentials=/home/it/.smbcredentials,iocharset=utf8,file_mode=0755,vers=2.0 0 0
//servername.domain.local/Share /var/www/nextcloud-data/UUID-for-user2/files/Share cifs gid=www-data,dir_mode=0755,uid=www-data,sec=ntlm,credentials=/home/it/.smbcredentials,iocharset=utf8,file_mode=0755,vers=2.0 0 0
//servername.domain.local/Share /var/www/nextcloud-data/UUID-for-user3/files/Share cifs gid=www-data,dir_mode=0755,uid=www-data,sec=ntlm,credentials=/home/it/.smbcredentials,iocharset=utf8,file_mode=0755,vers=2.0 0 0
//servername.domain.local/Share /var/www/nextcloud-data/UUID-for-user4/files/Share cifs gid=www-data,dir_mode=0755,uid=www-data,sec=ntlm,credentials=/home/it/.smbcredentials,iocharset=utf8,file_mode=0755,vers=2.0 0 0
//servername.domain.local/Share /var/www/nextcloud-data/UUID-for-user5/files/Share cifs gid=www-data,dir_mode=0755,uid=www-data,sec=ntlm,credentials=/home/it/.smbcredentials,iocharset=utf8,file_mode=0755,vers=2.0 0 0
//servername.domain.local/Share /var/www/nextcloud-data/UUID-for-user6/files/Share cifs gid=www-data,dir_mode=0755,uid=www-data,sec=ntlm,credentials=/home/it/.smbcredentials,iocharset=utf8,file_mode=0755,vers=2.0 0 0

[busted-it-guy]

in the reddit.com forums, I have found someone to test and they receive the same docker errors as me

https://www.reddit.com/r/NextCloud/comments/6efxlt/collabora_issue_unauthorized_wopi_host_using/

[busted-it-guy]

I will try that out. Get back with you shortly

[busted-it-guy]

not sure if I am posting in the right location so putting it here too. Let me know which one you would like me to continue on

Just to make sure I am understanding, I should make sure the owner of the files/directories in Windows ntfs permissions is the user I am mounting the share folder with?

I just tried it and I am still getting the Unauthorized WOPI host even after reboot.

I went to the security tab in the windows folder I am sharing. I set the Owner of the folder and everything below it to a username named filetransfer. That is the domain credential I use to mount the SMB share via the External Storage Support application. I have also tried to use the External Storage Support application to mount local storage that is mounted to the smb location. The domain is domain.local in this example. The server is servername.

External Storage Support app settings:
Folder name = Folder
External Storage = SMB/CIFS
Authentication = Username and Password
Host = servername.domain.local
Share = Folder
Domain = domain.local
Username = filetransfer
Password = (Password from Active Directory confirmed working)

In the Security tab, under Advanced button> Owner tab> Owner = filetransfer (filetransfer@domain.local)
All Files and folders below that folder also reflect this

My permissions in the mount I connected to /mnt/folder is

-rwxr-xr-x 1 www-data www-data

..but that shouldn't matter because I get the same results whether I point to a local mount point or if I use the SMB/CIFS option and put in the settings above.

What do you think?

[busted-it-guy]

Well here is something to narrow it down.

I tried to use the "External Storage Support" application to attach local storage. The local storage I created was at /home/test. I gave chmod 777 to it and chowner is www-data:www-data.

I can edit the files logged in with no issue. If I "Share Link" and attempt to use that link anywhere else I get the UNAUTHORIZED WOPI HOST.. message.

So with no SMB/CIFS in the mix, attached local storage from /home/test will give the same error if you try to access the share link without being logged in.

[pranavk]

This is fixed. See PR reference above.