Warning about OnlyOffice security in yunohost

My YunoHost server

Hardware: VPS bought online /
YunoHost version: 4.1.8

Description of my issue

I don’t have a question, rather a ‘bug’ or vulnerability warning.

When I enabled OnlyOffice in mydomain.com/nextcloud and entered the server url onlyoffice.mydomain.com and everything worked. When I did the same in another nextcloud instance on a completely other server at nextcloud.otherdomain.com it worked too! Now anyone who guesses onlyoffice.mydomain.com can use that instance. Not good!

Turns out one can/need te set a password and set authorization to ‘true’ like showed here:

The password can be added in Nextcloud just below the server address.
This seems rather important to me.


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.