Hi,
I am trying to integrate our web app with Nextcloud. I am not having any luck opening a window / webview to /index.php/login/flow setting the OCS-APIRequest and User-Agent headers.
Chrome’s CORB (Cross-Origin Read Blocking) prevents any content being displayed. Chrome also prevents the User-Agent header being set if trying to make a jQuery $.ajax request. Similarly try to set it directly through XMLHttp​Request​.set​Request​Header() is also blocked.
I’ve tried using an iframe with the Request interface of the Fetch API and populating the iframe src from blob with URL.create​ObjectURL(). But this just causes an empty ‘unknown’ file download in Firefox and is blocked (CORB) in Chrome.
Authorising a web app to access Nextcloud shouldn’t be this hard should it? Am I going about it the wrong way? Is there some other way to set the headers on the HTTP request and open a new window or display in iframe?
Here is the HTML and JS
<iframe id="RequestFetchFrame" style="width: 500px; height: 500px"></iframe>
<script>
var request = new Request("https://cloud.724.com.au/index.php/login/flow", {
method: "GET",
mode: "no-cors",
headers: new Headers({
"OCS-APIRequest": true ,
"User-Agent": "My Web App"
})
});
fetch(request)
.then(response => response.blob())
.then(blob => {
document.querySelector("#RequestFetchFrame").src = URL.createObjectURL(blob);
});
</script>