Allow post request for password transfer

I use a NextcloudPi version with Nextcloud18 installed. I would like to have a shared file with a password protection.
Then I want to send a Post-Request to the Share Link with the post parameter “password” that contains the share password, so the user does not have to type in the password.

I have read in the following thread, that this should be possible, but when I try the following error happens:

It is hosted on apache2 and the output of “curl -i -X OPTIONS https://…” is:
HTTP/2 200
date: Mon, 04 Jan 2021 15:28:38 GMT
server: Apache
strict-transport-security: max-age=15768000; includeSubDomains; preload
content-length: 0
content-type: text/html

Would be really cool if you coud help me!

In Firefox Network Analysis (F12) i found this post-request on test server:

A lot of cookies (i think from the original site where i entered the password)

__Host-nc_sameSiteCookielax “true”
__Host-nc_sameSiteCookiestrict “true”
oc_sessionPassphrase “UkqbQM65ZUucbtHbI7wN+1Gp5uEfc/F1k7BdR5uZpRz/kPDuaayAcuC5BL5IzHtSDon6jctWi6p0YZIShxNYD/sYJ07m6MtvxHfV1WcVWKj2Mdk+aB+qdIc6BkgShrTD”
ochg07su8rmf “latd41bphmoinrjcstf19qmc9p”

and the post-parameter

requesttoken (i think from the original site where i entered the password)
password (the password)
sharingToken (S8zexCSR35eAXf6)

After that Firefox loads (GET):

with a lot of new cookies

  • |||
    | — | — |

thank you for your answer.

When I call the “https://…/index.php/s/…/authenticate/showShare” then I do not get an error anymore. But the password is asked even if I put the three post information into the request.

I send the request like the following:

I do not really know what I should write into the requesttoken.

What do I do wrong?

Perhaps this is your solution:
Using curl/wget to download file from password protect link


thank you for your fast answer.

The problem of the solution you posted is that I can just download the file not start the pdf-viewer.

Is there a way to call the PDF-Viewer and transfer the password?