Security

Trusted domain

In some cases it might be required that an app checks that a user given link is one of the current instance. This is possible with the OCP\Security\ITrustedDomainHelper:

<?php

declare(strict_types=1);
use OCP\Security\ITrustedDomainHelper;

$helper = \OC::$server->get(ITrustedDomainHelper::class);

// Compare a full URL example given
$url = 'https://localhost/nextcloud/index.php/apps/files/';
$helper->isTrustedUrl($url);

// Compare a domain and port
$domain = 'example.tld:8443';
$helper->isTrustedDomain($domain);