I've just find out that Office Online server discovery page can contain a lot of internal private information. For example somebody can request discovery page https://externallink/hosting/discovery and get information about my domain and internal server names/IPs that should stay private.
Does anyone know how to disable the xml discovery page for external users on the internet?
Thx
Related
In my company we have some internal URLs what we would like to link to in the cloud.
I've created an SPFx web part and try to display an HTML img tag with the URL of http://intranetserver/MyPics/user123/headshot.jpg
but I get
Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR
Is there something I need to do within my web part solution or Azure to allow this access?
You're running into an SSL issue because you're trying to load content from a non-secure URL (http instead of https), not to mention it's from another domain, so cross-domain concerns play into it as well.
The two best choices are:
Upload the image(s) directly to your SPO site, in the default images document library
(or another, more private document library if necessary)
Create an SSL certificate and place it on the internal server that's hosting the images
I'm following the guidance from Microsoft on decorating traffic to avoid throttling. This guidance specifies that you set a specific User Agent on outgoing requests from the application to SharePoint via CSOM when making API calls.
I have made this change, and would like to now verify that the User Agent is in fact appropriately modified on API calls to SharePoint.
My provider-hosted application is hosted on Azure, and while I can see CSOM calls to SharePoint (https://(mytenancy).sharepoint.com/sites/(mysite)/_vti_bin/client.svc/ProcessQuery) in the Application Map as a dependency, I can't figure out how to view the actual outbound request so as to examine it for the User Agent string.
How can I view the User Agent string on outbound requests from my Azure application? How can I verify that I've set the User Agent string on my calls to the SharePoint API?
Additional Info:
I have tried running the application as well on localhost and employed the use of Wireshark and Fiddler, but I'm only picking up requests to client.svc/ProcessQuery with my browser's User Agent string. I get the feeling I'm not even seeing all the CSOM requests.
User Agent is used for determining browser and browser version , however it seems to be dropped in processing and not available in search or export.
Please have a look at below links for further details.
UserAgent not transfered
UserAgent, Lat/Long and URL expansion data removed
Hope this information helps.
To provide feedback for the team on this specific feature , please refer to this link and upvote.
Support for viewing Raw body requests is something being considered by the Product team. Please refer here for more details on it.
I used the googledocviewer to view some word an excel sheets on my site:
<iframe src="https://docs.google.com/viewer?url=http://domain.de/media/dokumente/worddocument.doc&embedded=true" style="width:600px; height:500px;" frameborder="0"></iframe>
The documents are on MY server.
It works fine, but now my question:
Generally, on the live site, all IP´s are on my server blacklisted, because only 5 specially IP´s have access to the site.
So, the iframe try to load the googledocviewer, but google is blacklistet (on my server, because it´s not an ip from the 5)
So, the screen shows:
no document available.
If I set the googledocviewer IP to my whitelist - indexing Google all my documents and save they at any google-server?
The documents are private !!! No other IP´s and users is allowed, to see this docs.
My suspicion:
Because I use the googledocs viewer and set the googledocsviewer IP to a whitelist, other users can now access to these private documents....
Sorry for my bad english...I'll work on it.
Best regards,
Thorsten
As mentioned in Whitelist domains for Google Apps, you can still set which files can be shared and you also can choose more permissive settings to be sure that you don't share confidential files.
You can allow file sharing in Google Drive for organizations that you trust by whitelisting their domain. After you whitelist a domain, you then grant Drive access so that users in your organization can share files and folders with users in the trusted domain.
Furthermore, it was also mentioned in grant sharing access for whitelisted domains
For Google Apps Unlimited, Google Apps for Education, and Google Apps for Nonprofits, you grant file sharing access by changing Drive sharing settings. For details, see Set file sharing permissions.
For Google Apps for Education, you grant access to classes by changing Classroom settings. For details, see Whitelist domains for Classroom.
I have Sharepoint 2010 hosted with windows authentication . I have created a document library inside a new site and uploaded few files.
Now,I'm trying to utilize the info of these files in some application using Rest Webservice exposed by sharepoint.
*http://{server_name}/{site}/_vti_bin/ListData.svc/{Document_Library_name}*
In the response I get xml containing details of files uploaded in document library. One of the tag in response of xml (inside src attribute of tag) contains detail of url of file uploaded,
Now when I try to use this url for document display/download in my application/browser, it pops up with the window authentication which I have for Sharepoint site . After I provide correct user/password the document gets downloaded.
Is it somehow possible to make this document url public(I don't want window authentication pop up) ? At the same time I don't want to disable the Windows authentication for Sharepoint site .
Thanks in advance
By public do you mean accessible within your LAN or accessible from the internet given the sharepoint site is bound to an internet facing interface? I would imagine on the LAN it would be best to simply use the guest account for users who you wanted to give 'public' access to.
Bear in mind the only reason you're prompted for login details is probably because you're not using Internet Explorer.
Before I begin asking this question I will have to warn you that I know next to nothing about SharePoint and I'm basically learning as I go along.
Here's where I am right now:
I have a virtual pc with an instance of SharePoint and windows server 2003 running on it
I have managed to get a network adaptor set up so I can access the SharePoint instance via a web browser in the host.
I have created and published a InfoPath form to the SharePoint instance and I can view the form in a browser from my host machine.
So far everything is great, the only issue is that in order to view the SharePoint Instance or InfoPaths form in the browser I have to first login as the virtual PCs administrator. Now what I want to do is view the same InfoPath form in a mobile device.
Here's what I have done next:
On my host machine I created a Windows CE 3.5 application
in which I added a web browser control and pointed it at the hosted InfoPath form on the SharePoint instance.
Now when I run the application in a mobile emulator I get a connection error, though I do not get this error if I point the control to google, or some other site.
I now have the distinct feeling that the reason for this is that as I mentioned to access the form I needed to login using windows authentication. I tried changing the web application in IIS to allow anonymous access and not require windows authentication. While this worked the SharePoint site stated "Not authorized" so now I gather that SharePoint builds on top of windows authentication to control access to its functionality.
So finally, after all that here's my actual questions:
How do I grant access in SharePoint to specific bits of functionality for specific windows users?
For a mobile device that is not a user on the same network as the SharePoint instance how do I give it access to view the InfoPath form?
I know my questions are a little rambled but one bit issue I have with all this is I am really not sure what to ask, or how to word it. Hopefully someone has grasped what I am trying to do and help out.
To summarize: I basically want to have an emulated mobile device (on the host) access an InfoPath form served by SharePoint/Forms Server on a virtual PC image.
When you want to change authentication to SharePoint never do so by changing settings in IIS directly but go to Central Administration, Application Management, Authentication Providers. There you can set it up to use basic authentication, Forms Auth or Anonymous access.. whatever works for you.
Forms Services may have further challenges but this should at least get you a login.