Add files tor the code integrity check or exlude it entirely

Hi,

I want to add files, which will be included for the code integrity check.
In fact, its a folder “ajax” with external linked files from collabora, which I need to host locally. (no external connection)
Originating, they are from cloudflare and googleapis.
Because of that, nextcloud always moarn about the files, so I am looking for a possibility to include the files with a hash, or tell the check it should skip that folder.

Is there a way to do that?

Instead of fixing it yourself, I would rather ask to add an option to host these files on your own. Nextcloud also cares about the user’s privacy so it shouldn’t leak any information to cloudflare or google. Nextcloud states on its startpage:

A safe home for all your data
Access, share and protect your files, calendars, contacts, communication & more at home and in your enterprise.

@jospoortvliet @MorrisJobke

@tflidd @jospoortvliet @MorrisJobke

I already posted that several weeks ago here:

So I thought, no one gives a shit about that.
Additional to that I had to explain to another guy here, what “came into my mind” complaining about external included files, and I expose myself to everyone anyway so this has no use.

As I found out, they removed the googleapis in the 2.0.0 version, I still have to check the latest update.
But the cloudflare link is still yet inside /usr/share/loolwsd/loleaflet/dist/bundle.js

I don’t know where all the collabora stuff is managed and if we have a bug tracker for that?

If you don’t get an answer soon, you can try to ask via IRC during the week, there should be some team-members of Nextcloud who should be able to point you to the right direction.

as I see at https://www.collaboraoffice.com/code/ Edit: okay I found their bugzilla page.
But I don’t know if that counts as a bug.
Which IRC do you mean? I didn’t know, that you have an IRC support.

IRC channel can be found here https://nextcloud.com/contribute/

here is a new attack vector if you include external code:
https://samy.pl/poisontap/

Yes, it is there. It is coming from node_modules/malihu-custom-scrollbar-plugin/jquery.mCustomScrollbar.js, a 3rd party js lib. But as far as I’m concerned, we are not getting the required jquery-mousewheel from cloudflare, because we have it locally. I don’t see downloads from cloudflare in browser’s Network Monitor.