Add CORS header guide for Nextcloud/Owncloud

README.md

@@ -92,6 +92,8 @@ Additionally, the plugin author may occasionally visit Obsidian official forum a
   - If you are using Obsidian desktop < 0.13.25 or iOS < 1.1.1 or any Android version:
     - The webdav server has to be enabled CORS for requests from `app://obsidian.md` and `capacitor://localhost` and `http://localhost`, **AND** all webdav HTTP methods, **AND** all webdav headers. These are required, because Obsidian mobile works like a browser and mobile plugins are limited by CORS policies unless under a upgraded Obsidian version.
     - Popular software NextCloud, OwnCloud, `rclone serve webdav` do **NOT** enable CORS by default. If you are using any of them, you should evaluate the risk, and find a way to enable CORS, before using this plugin, or use a upgraded Obsidian version.
+      - NextCloud users can install [WebAppPassword](https://apps.nextcloud.com/apps/webapppassword) app, and add `app://obsidian.md,capacitor://localhost,http://localhost` to `Allowed origins`
+      - OwnCloud users can download `.tar.gz` of `WebAppPassword` above and manually install it on their instance
     - The plugin is tested successfully under python package [`wsgidav` (version 4.0)](https://github.com/mar10/wsgidav). See [this issue](https://github.com/mar10/wsgidav/issues/239) for some details.
 - Your data would be synced to a `${vaultName}` sub folder on your webdav server.
 - Password-based end-to-end encryption is also supported. But please be aware that **the vault name itself is not encrypted**.