Do you need to restrict onlyoffice.x.com from being accessed?

I was reading this article

Does it true? If they can access onlyoffice.x.com then

anyone can connect to it and edit documents to their hearts content - which would waste my resource but also expose a potential security issue.

I just use onlyoffice.x.com to check. Does the Document Server is running or not (now it got redirected to NextCloud instead of onlyoffice.x.com/welcome, I do not know why). I also do not give a SSL for onlyoffice.x.com since I think it’s only a redirect to onlyoffice.x.com/welcome to check whether the document server is running or not (is this true?). As of right now, everything works perfectly. I am not sure if this could be a potential security issues and potentially waste resource.

I really need help regarding this, sorry.

You can set a password in the OnlyOffice configuration which would have to be provided by any client trying to use the server. This makes it very secure, and it’s what I do - precisely to prevent unauthorized access to my document server.

Start here:

And don’t forget to add the very same password to your Nextcloud OnlyOffice app configuration.