From 8c5d843ba4a2226c1ef62daaafd37ac90ea223c5 Mon Sep 17 00:00:00 2001
From: knoflook <knoflook@disroot.org>
Date: Thu, 24 Jul 2025 17:28:53 +0200
Subject: [PATCH] chore: publish 12.0.1+31.0.6-fpm release

---
 .env.sample | 8 +++++++-
 abra.sh     | 5 ++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/.env.sample b/.env.sample
index 3cbefb7..3fca63e 100644
--- a/.env.sample
+++ b/.env.sample
@@ -55,6 +55,12 @@ DEFAULT_QUOTA="10 GB"
 # APPS="calendar"
 
 # COLLABORA_URL=https://collabora.example.com
+## IMPORTANT FOR SECURITY REASONS WHEN RUNNING COLLABORA
+## list of IP addresses that are allowed to make WOPI requests. Use the default
+## when running the collabora server on the same machine as nextcloud.
+## Otherwise set this to the IP address range of your collabora server(s) i.e. 1.2.3.4/32
+## https://docs.nextcloud.com/server/latest/admin_manual/office/configuration.html#wopi-settings
+# COLLABORA_ALLOWLIST="172.16.0.0/12"
 
 # COMPOSE_FILE="$COMPOSE_FILE:compose.onlyoffice.yml"
 # ONLYOFFICE_URL=https://onlyoffice.example.com
@@ -86,4 +92,4 @@ DEFAULT_QUOTA="10 GB"
 # Uncomment this line to enable HSTS: https://docs.nextcloud.com/server/30/admin_manual/installation/harden_server.html
 #HSTS_ENABLED=1
 # Uncomment this line to add the `preload` part
-#HSTS_PRELOAD=1
\ No newline at end of file
+#HSTS_PRELOAD=1
diff --git a/abra.sh b/abra.sh
index fc26ab2..7f30056 100644
--- a/abra.sh
+++ b/abra.sh
@@ -92,6 +92,9 @@ install_onlyoffice() {
 install_collabora() {
     install_apps richdocuments
     set_app_config richdocuments wopi_url "$COLLABORA_URL"
+    # important for security reaosns
+    # https://docs.nextcloud.com/server/latest/admin_manual/office/configuration.html#wopi-settings
+    set_app_config richdocuments wopi_allowlist "$COLLABORA_ALLOWLIST"
 }
 
 install_whiteboard() {
@@ -169,4 +172,4 @@ set_windowsfriendly_filenames() {
 
 upgrade_mariadb() {
     mariadb-upgrade -p`cat /run/secrets/db_root_password`
-}
\ No newline at end of file
+}