How to turn an "/f/"-link into a URL I can download with curl

Thomas_Hirsch · March 6, 2023, 3:46pm

Hello,

I just have a basic question:

I have a link of the structure
https://nextcloud.example.com, and I would like to turn it into something that I can download using plain HTTP, e.g. with curl.

Is it possible, and if so, how?

Thanks
Thomas

Vincent_Stans · March 6, 2023, 4:56pm

I have a public share https://cloud.example.com/s/bdhNNhsh there are 3 files in this share

compressed source
md5sum of compressed source
readme.md

you can download/view them by the link in a normal browser or get the full set with curl like

curl https://cloud.example.com/s/bdhNNhsh/download --output NAME.zip

this worked for me with a public share I do not know the significant of domain.tld/s/-link or domain.tld/f/-link

hope this helps let us know how it works for you.

Thomas_Hirsch · March 7, 2023, 8:30am

The Problem with this is that the “/s/”-link is not password-protected. I can set a password for every file but that is very inconvenient.

I would really like to use the “/f/”-link, if that is possible, which I think it should as that number is the actual “fileId” of the file, accessible by users who are authorized.

Vincent_Stans · March 9, 2023, 5:57pm

I have tried the f link but it seems only valid for internal webbrowser use.

I don’t think you can download the file with this link as for me it opens details of the file or offers me the download option which send the file trough webdav

https://cloud.example.tld/remote.php/webdav/filename.ext

this again works with

curl -u Username:Password https://cloud.example.tld/remote.php/webdav/filename.ext -o filename ext

maybe someone else has downloaded a file by ID and has any idea.

ernolf · March 9, 2023, 6:11pm

You are looking for nextcloud-raw :

Raw — Nextcloud raw file server

Raw simply returns any requested file, so you can link directly to a file itself (i.e. without any of NextCloud’s interface around it). This enables you to host static web pages, images or other files, for example to link/embed them elsewhere on the web.

For security and privacy, the content is served with a Content-Security-Policy header. This header instructs browsers to not load any remote content, nor execute any scripts that it may contain (of course, the downside is that your web pages cannot use javascript for interactivity).

It works for textfiles and images out of the box and for videos (e.g. to embed in a website) you have to remove two content security headers.

Use at your own risk (I do )