My YunoHost server
Hardware: VPS bought online /
YunoHost version: 4.1.8
Description of my issue
I don’t have a question, rather a ‘bug’ or vulnerability warning.
When I enabled OnlyOffice in mydomain.com/nextcloud and entered the server url onlyoffice.mydomain.com and everything worked. When I did the same in another nextcloud instance on a completely other server at nextcloud.otherdomain.com it worked too! Now anyone who guesses onlyoffice.mydomain.com can use that instance. Not good!
Turns out one can/need te set a password and set authorization to ‘true’ like showed here:
https://api.onlyoffice.com/editors/signature/
The password can be added in Nextcloud just below the server address.
This seems rather important to me.