I’m setting up NextCloud Office, backed by a self-hosted CODE server. It works, but I’m kind of confused by how security is supposed to work. As far as I can see, anybody can access the CODE server without authentication. The coolwsd config does not specify a way to authenticate the NextCloud server; NextCloud’s Office settings don’t specify a way to authenticate the CODE server.
There is the frame_ancestors config, but it doesn’t seem to do anything: if I set it to a domain that’s not my NextCloud domain, then Collabora still loads even though it shouldn’t.
There are also IP whitelists, but as far as I can see they only whitelist users’ IPs, not the NextCloud server’s IP, so this setting is also not useful to me.
Collabora Online uses an adapted version of the WOPI standard protocol, and we can use data stores which can provide their own policies. When your document data comes down into Collabora Online we isolate and protect your document in your on-premise server inside a series of concentric security onion shells:
Collabora keeps your document data on the server, and can send only tiled images to the client. These can also be watermarked with the viewer’s name. With granular permissions to restrict copy & paste, download, print and so on – Collabora protects your documents like no other.
The Collabora system can’t access Nextcloud files “itself”: only once a user starts editing does Nextcloud provide a specially crafted URL with access information, which Collabora uses to access this specific file.
You can understand the process better if you monitor your browser log and the Nextcloud and Collabora access logs; then it’s pretty clear that access is only given to a specific document while editing.