Support /.well-known/change-password URL #22981
Conversation
…thub.io/change-password-url/ Signed-off-by: Christoph Loy <loy.christoph@gmail.com>
|
I guess it will also need an update to the docs for nginx |
rullzer
requested review from
MorrisJobke,
juliusknorr,
kesselb,
nickvergessen and
ChristophWurst
If nextcloud is hosted at a path inside a server (e.g. www.example.com/cloud/) or behind a reverse-proxy, then the ".well-known" redirects need to be added to the host webserver configuration, so the docs would require updating for apache, etc, as well as nginx. |
As suggested by @juliushaertl and @brad2014 Signed-off-by: Christoph Loy <loy.christoph@gmail.com>
|
@rullzer @brad2014 So, should I also open a PR at nextcloud/documentation? Also, do you understandy why CI fails? |
|
The CI failure is random and unrelated |
There was a problem hiding this comment.
Servers should redirect HTTP requests for an origin’s change password url to the actual page on which users may change their password by returning a response with a redirect status of 302, 303, or 307, and a Location header. [FETCH] [HTTP-SEMANTICS] Clients must handle such redirects when requesting a change password url.
Note: The above paragraph restricts servers to using temporary redirect codes. See Issue 13.
https://w3c.github.io/webappsec-change-password-url/#semantics / w3c/webappsec-change-password-url#13
|
It's best if we add a handler based on the new API from #24702, then no special web server config will be requried. |
Implemente, so this one can be closed, right? |
Google Chrome (since v86) as well as safari and the iCloud keychain support the .well-known/change-password URL.
This PR adds support for that to nextcloud by modifying the default
.htaccessfile.This is my first PR to nextcloud, so feedback is appreciated