Please provide an option to specify the browser agent string used when accessing documents in the web. Sometimes access to files is blocked when the agent string is set to something like 'curl'. Also conditional access from M$ M365 blocks access to files if for example the 'platform' in the browser agent string is not set to one of their supported platforms (Win, Mac, IOS, Android).
Adding "needsDevAdvice" as I am unsure of the implications. Maybe something for the expert configuration? Markus, if you know of documentation about those MS 365 restrictions, please do share a link. Also, please give more information on what method exactly you use to access remote files, as I suppose the user agent string depends on the route. Regarding getting blocked because "curl" is in there, it should at least be fixed for webdav since LO 7.3.4: bug 148429. Michael, any opinion?
Well, I do not know any kind of documentation, unfortunately. The "use case" is to open documents located in one drive for business with activated conditional access blocking "unsupported platforms". When a company activates conditional access in their tenant and allow only "supported platforms" to have access to the content of that tenant, linux at all is denied (supported platforms are Windows, MacOS, iOS and Android). So I was thinking: How can Microsoft determine the platform from which I try to get access to the content ? I suppose, it will be the user agent string of the application that tries to access content. As the access method to open documents in one drive is probably a https get, that's at least what I can see, is shared from teams4linux to libre office. An option to set the user agent string in a whole would provide a way to masque the original platform of a device. And it wont heard those who do not care of that use case. So, yes, this can surly be an expert option. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview
[Automated Action] NeedInfo-To-Unconfirmed
Don't know what standard we could follow for the user agent. Something like User-Agent: LibreOffice/26.08 (X11; Linux x86_64) sounds random and might not be accepted by some servers. And to fake Chrome/Firefox etc. is weird too. Missing clear STR.
Wait, setting a specific browser agent string is not going to solve the requested use case. It is not a need for a different browser agent string for LibreOffice. Rather IIUC this an issue of configuring the MS Active Directory tenant hosting the company? One where the MS Entra Conditional Access policy still requires valid authentication, done typically by OAuth2 token, which LibreOffice already supports via libcmis, or libcurl and for WOPI. All patched by LibreOffice devs to use MS Graph API. Authentication via OAuth2 token then gets signaled to Entra for Conditional Access to resolves by policy to access the resource and trigger MFA if those policies are set. The AD has to be configured to allow the authentication method [1], and the company AD tenants Entra Conditional Access will need policies in place to support that "off-premise" access to content on the servers. The use case is not valid, and this is IMHO => WF =-ref-= [1] https://learn.microsoft.com/en-us/graph/api/resources/authenticationmethodspolicies-overview?view=graph-rest-1.0