From 59589cd7d33ba270fddab8d70af213b3c43c2efe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= <jfd@butonic.de>
Date: Tue, 15 Oct 2024 16:49:57 +0200
Subject: [PATCH] use secure config defaults for OCM
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
---
 changelog/unreleased/secure-ocm-by-default.md     | 4 ++++
 services/ocm/pkg/config/defaults/defaultconfig.go | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 changelog/unreleased/secure-ocm-by-default.md

diff --git a/changelog/unreleased/secure-ocm-by-default.md b/changelog/unreleased/secure-ocm-by-default.md
new file mode 100644
index 00000000000..d7948432ad5
--- /dev/null
+++ b/changelog/unreleased/secure-ocm-by-default.md
@@ -0,0 +1,4 @@
+Bugfix: use secure config defaults for OCM
+
+https://github.com/owncloud/ocis/pull/10307
+
diff --git a/services/ocm/pkg/config/defaults/defaultconfig.go b/services/ocm/pkg/config/defaults/defaultconfig.go
index 1b4cdae30c5..34fec3570e8 100644
--- a/services/ocm/pkg/config/defaults/defaultconfig.go
+++ b/services/ocm/pkg/config/defaults/defaultconfig.go
@@ -109,7 +109,8 @@ func DefaultConfig() *config.Config {
 		OCMProviderAuthorizerDriver: "json",
 		OCMProviderAuthorizerDrivers: config.OCMProviderAuthorizerDrivers{
 			JSON: config.OCMProviderAuthorizerJSONDriver{
-				Providers: filepath.Join(defaults.BaseConfigPath(), "ocmproviders.json"),
+				Providers:             filepath.Join(defaults.BaseConfigPath(), "ocmproviders.json"),
+				VerifyRequestHostname: true,
 			},
 		},
 		OCMShareProvider: config.OCMShareProvider{