From 4b4a9b0989281b8270bde3fabaacb02719d5a1c1 Mon Sep 17 00:00:00 2001
From: n0k0m3 <10925298+n0k0m3@users.noreply.github.com>
Date: Mon, 18 Apr 2022 11:22:23 -0400
Subject: [PATCH 1/2] Add CORS header guide for Nextcloud/Owncloud

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 90f0389..bb79ae6 100644
--- a/README.md
+++ b/README.md
@@ -92,6 +92,8 @@ Additionally, the plugin author may occasionally visit Obsidian official forum a
   - If you are using Obsidian desktop < 0.13.25 or iOS < 1.1.1 or any Android version:
     - The webdav server has to be enabled CORS for requests from `app://obsidian.md` and `capacitor://localhost` and `http://localhost`, **AND** all webdav HTTP methods, **AND** all webdav headers. These are required, because Obsidian mobile works like a browser and mobile plugins are limited by CORS policies unless under a upgraded Obsidian version.
     - Popular software NextCloud, OwnCloud, `rclone serve webdav` do **NOT** enable CORS by default. If you are using any of them, you should evaluate the risk, and find a way to enable CORS, before using this plugin, or use a upgraded Obsidian version.
+      - NextCloud users can install [WebAppPassword](https://apps.nextcloud.com/apps/webapppassword) app, and add `app://obsidian.md,capacitor://localhost,http://localhost` to `Allowed origins`
+      - OwnCloud users can download `.tar.gz` of `WebAppPassword` above and manually install it on their instance
     - The plugin is tested successfully under python package [`wsgidav` (version 4.0)](https://github.com/mar10/wsgidav). See [this issue](https://github.com/mar10/wsgidav/issues/239) for some details.
 - Your data would be synced to a `${vaultName}` sub folder on your webdav server.
 - Password-based end-to-end encryption is also supported. But please be aware that **the vault name itself is not encrypted**.

From f69adf273a0933c3b583dbaa12016e5affc1ad90 Mon Sep 17 00:00:00 2001
From: fyears <1142836+fyears@users.noreply.github.com>
Date: Wed, 27 Apr 2022 23:32:15 +0800
Subject: [PATCH 2/2] add special hints

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index bb79ae6..0ae3b27 100644
--- a/README.md
+++ b/README.md
@@ -92,8 +92,8 @@ Additionally, the plugin author may occasionally visit Obsidian official forum a
   - If you are using Obsidian desktop < 0.13.25 or iOS < 1.1.1 or any Android version:
     - The webdav server has to be enabled CORS for requests from `app://obsidian.md` and `capacitor://localhost` and `http://localhost`, **AND** all webdav HTTP methods, **AND** all webdav headers. These are required, because Obsidian mobile works like a browser and mobile plugins are limited by CORS policies unless under a upgraded Obsidian version.
     - Popular software NextCloud, OwnCloud, `rclone serve webdav` do **NOT** enable CORS by default. If you are using any of them, you should evaluate the risk, and find a way to enable CORS, before using this plugin, or use a upgraded Obsidian version.
-      - NextCloud users can install [WebAppPassword](https://apps.nextcloud.com/apps/webapppassword) app, and add `app://obsidian.md,capacitor://localhost,http://localhost` to `Allowed origins`
-      - OwnCloud users can download `.tar.gz` of `WebAppPassword` above and manually install it on their instance
+      - **Unofficial** workaround: NextCloud users can **evaluate the risk by themselves**, and if decide to accept the risk, they can install [WebAppPassword](https://apps.nextcloud.com/apps/webapppassword) app, and add `app://obsidian.md`, `capacitor://localhost`, `http://localhost` to `Allowed origins`
+      - **Unofficial** workaround: OwnCloud users can **evaluate the risk by themselves**, and if decide to accept the risk, they can download `.tar.gz` of `WebAppPassword` above and manually install and configure it on their instances.
     - The plugin is tested successfully under python package [`wsgidav` (version 4.0)](https://github.com/mar10/wsgidav). See [this issue](https://github.com/mar10/wsgidav/issues/239) for some details.
 - Your data would be synced to a `${vaultName}` sub folder on your webdav server.
 - Password-based end-to-end encryption is also supported. But please be aware that **the vault name itself is not encrypted**.