Make Nextcloud a great image hosting/upload service #2523
Comments
eppfel
added
0. Needs triage
|
Creating such an URL should be doable. But I have no idea how to do the US there. |
|
This is done by intention. Serving the content as inline content would allow XSS attacks. To properly do this we should serve raw content from a different domain. (Like the githubusercontent domain here on Github) |
|
Correct. We need a separate domain or only allow this for images that we have re-encoded. (e.g. passed through our preview class) |
|
So a preview endpoint sounds sane to me - but what is the expected behaviour if we can't generate one? Error message? File icon? |
|
just a 404? |
|
Hi: |
That is not possible for security reasons without having a usercontent domain as @MorrisJobke in #2523 (comment) pointed out. Even then, I highly doubt that we're going to do that for phishing protection etc… |
eppfel
added
1. to develop
|
And could it be possible to replicate the content in a public folder of the server and offer the user the public link? |
|
So there is absolutely no other way to do this? Because then a normal person just installing their Nextcloud on shared hosting or such can’t really be expected to configure another subdomain just for image embedding. :\ |
As long as we re-encode images that is fine, see #2523 (comment). But we can't serve user content directly without any re-encoding. Thus this will only work for some limited file types, basically those that we can preview already. |
|
@LukasReschke well that does cover the most important file types, images in particular. |
|
But the public folder could be created in the installation process and a subfolder could be created by the system for each user (or just for some users with public publishing priviledges). The copy would be managed by the local external storage mechanism and the system could offer public link (right click menu). |
|
@jm-andonegi I think the discussion shows, this is a different topic. I think there was already a similar request in another issue. Please search for it or open a new issue, so we can focus on the image previews here. Thx 😉 |
|
Sorry. Just thought both needs could be solved the same way. I didn't find any issue about HTML files so I opened a new one here. |
|
Totally agree with @jospoortvliet:
This is completely fine. Takes care of bitmap images and even some other things. |
|
Seafile allows direct links to files (like JPG and CSS), from the same domain. Does that mean it is vulnerable? In what kind of scenario should I be worried about this? |
I don't comment on Seafile security but I'd encourage them to seriously reconsider doing this. Also it wouldn't be the first time that we've found a vulnerability in Seafile: https://seacloud.cc/group/3/wiki/security-records But honestly, I don't have any time to look in detail at Seafile security. |
|
@LukasReschke Oh, yes, I'm sorry, I didn't mean it that way. I was just wondering whether any kind of service that allows direct file links is insecure. And I was wondering in what kind of situation this might be exploited in practice. |
|
It would be great to have this feature in Nextcloud. This feature is already available in Direct link to image in Direct link to image in |
|
Actually, it would be good to look into the oEmbed specs for this purpose.
|
|
It feels this feature has been pushed in the background. I was wondering what the current status and where it is currently on the roadmap. |
|
@io-node 90% of efforts right now are still focused on bugfixing, making 12.0.1 as good as possible. I guess around the conference efforts will move to shiny new things like this... |
|
What is the roadmap about this feature? Would be nice if this worked. Easier sharing Gallery to my Wordpress Blog. |
|
@Happyfeet01 from what I can tell this isn't a customer requirement so it depends on somebody willing to put in his/her free time. And until somebody steps up to do that, the ETA is essentially infinite :( I had hoped we'd have some time at the conf and maybe somebody did but I didn't discuss it with anyone... |
|
Pull request at #6599, everyone please review. :) |
|
Any news on this? I want to serve a .json file directly with a url that ends like this https://nextcloud.com/file.json. Is it possible ? Example: http://softwarebakery.com/apps/drivedroid/repositories/main.json |
|
@Nottt This is closed issue. What kind of news do you expect? By the way, hosting files on the same domains, as NextCloud may be security issue. You can always have related domain / subdomain, and configure Apache / Nginx / ... to point to one of your data (sub)folder in NextCloud and enable Indexes for that location. |
not really, since nextcloud (by default) modifies access bits of data folder (to 770): server/lib/private/legacy/util.php Line 1001 in e9c6ec4 unless you are running httpd as same user as your php process, which is usually bad idea. tho, looks like you can turn it off using YMMV, of course. and sorry for spamming in closed issue. |
|
Has the work on this feature been dropped? It seems to me like it would be super valuable. I've been using github gists to sync some custom css styling for Vscode but every time I change I have to change the url and stuff in my settings.json. I used to have it pointed to the local version of the file but that became a problem when switching between linux windows environments that didn't necessarily have the same local path. |
No. This feature request was about "Make Nextcloud a great image hosting/upload service" and has been resolved with #6599. When you think that the image hosting feature should be extended to show insert your filetype here as well you may open a new feature request for it. |
|
Okay cool thanks. I see how the preview thing works now. Doesn't work with raw text files so I'll put up a request. Thanks! |
|
Not sure where this preview option is available, a currently sharing a file leads to a page but services and apps like WhatsApp can't load a preview this way |
yeh, we need a link ending with the image extension, i can't use the preview link in some websites as embed |
@jospoortvliet mentioned in #1472 it would be nice to serve images directly from Nextcloud to embed them in forums/github/etc.
Besides the image preview generated by Nextlcoud, there is the, not so obvious, direct /download shortcut you can add to share links:
So this:
Creates this:
But the file is just downloaded by github, instead of directly served by my cloud.Embedding in HTML does not work this way.Edit: The file is downloaded each time, but served from a github domain
https://camo.githubusercontent.com/521c7650d7f562c307edee29b2366e98ce7249bf/68747470733a2f2f6570702e636c6f75642f732f4842586b32487939426b57304754632f646f776e6c6f6164. Problem now is, that my activity feed is flooded. Removed the direct link.Maybe we could create something like:
https://epp.cloud/s/HBXk2Hy9BkW0GTc/previewor even with image resize:
https://epp.cloud/s/HBXk2Hy9BkW0GTc/720pFrom users POV this would need to be possible without fiddling with the url itself. @nextcloud/designers
@nextcloud/sharing Thoughts?
The text was updated successfully, but these errors were encountered: