WebDAV not working with other clients #32090
Comments
|
It seems that it has something to do with CORS. If I manually remove the "origin" header from the request, it works fine... |
|
GitMate.io thinks the contributor most likely able to help you is @ownclouders. Possibly related issues are #7883 (WEBDAV Client Programs not working.), #26884 (Webdav or OwnCloud client does not work with mod_lsapi), #10132 (WebDAV did not work), #30156 (Federation sharing options missing), and #31427 (some files with bad signature error). |
|
Yes. Many clients send wrong origin Headers. Not much we can do |
|
@DeepDiver1975 What about browsers? |
|
Browsers usually behave correct. |
|
@DeepDiver1975 is there any way to allow extension URLs like "moz-extension://..." via owncloud config or something else? |
|
Mozilla Extensions can allow access via the manifest afaik. |
|
@DeepDiver1975
The problem definitely exists. Why is allowing all origins in owncloud not working? |
|
Please ask alfred on central how he solved this issue.
because this is considered evil - we shall not be evil ;-) |
|
Ok, thanks for your help. |
|
So ok, if the problem still exists as @julianpoemp says, would you have any further suggestions @DeepDiver1975? Our application uses WebDAV to access ownCloud storage in the browser (Desktop web-app, browser extension and react-native mobile app). EDIT: To further my point, the Origin of the request is not relevant in these situations. The app, in any scenario, is not operating on the same domain as ownCloud as it is remotely accessing it. How should we expect WebDAV to work at all when it is bound by these issues with CORS? |
As far as I understand the specifications around CORS the clients you are describing above are not relevant for CORS. As a result they should not send the Origin header. The existance of the Origin header is the key for us to perform the CORS checks. |
|
chrome-extension:// and moz-extension:// can be added to our code base if these problems continue to exist. For the mozilla side this can be fixed on the extension side according to https://central.owncloud.org/t/notes-api-cross-origin-request-blocked/14391/24 |
Ok, thanks @DeepDiver1975.. that's clear. I'll see what can be changed there. The problem is most likely with regards to the web clients in the browser (extension). These operate using Fetch currently, which seems to be automatically adding the Cheers! |
|
I'm very far away from all this js and extension hacking - but if I understand correctly @alfredbuehler is using Fetch as well https://github.com/alfredbuehler/ocpad/blob/884bbfdf60ce8d6c0dbadcea8bfe96bd57ef4d7c/popup/ocpad.js#L25 So I assume there must be a way to use this in chrome as well ..... |
|
@DeepDiver1975 I tried ocpad and it doesn't work for me. I can't debug it, so I don't know if it's the same problem as before. If there was another extension that made this setting in manifest.json I could prove if it's really solved using this setting. All I know is: It's not possible to connect a browser extension with owncloud at this moment (tried different browsers, and the extensions "Tusk", "Buttercup" and "Passman". And I used a fresh owncloud 10 installation.
I think this is the best solution in order to allow browser extensions to connect to owncloud. |
|
do we know other extension schema which shall be supported? |
|
@julianpoemp can I ask you to help testing? #32120 THX |
|
@DeepDiver1975 thanks for re-opening this issue! I tried it on my second owncloud installation. It works very fine on Firefox with the extensions Tusk and Buttercup. Chrome and Opera seems to send an empty Origin-header (tested extensions Tusk and Buttercup). When I analyse the request I see "Origin: null". If requests are valid even without Origin headers, what about allowing "Origin: null", too? I tried this and changed your code to: Adding "empty($schema)" fixed it. What Do you think about this change? |
|
@julianpoemp I have updated the code in the PR - mind testing again? Please report back in the PR. THX a lot! |
Fixes #32090 - browser extension urls in origin header do not trigger…
…b129539a27b4a525bbd8 [stable10] Fixes #32090 - browser extension urls in origin header do …
|
@julianpoemp mind retesting with ownCloud 10.0.10 RC1 and the app you're using ? |
|
@PVince81 tested it. It works very fine! Thank you, guys! |
Steps to reproduce
Expected behaviour
The connection should work. It should be possible to select files.
Actual behaviour
There is an Server 500 error. Same issue with other plugins or clients for keePass files.
Server configuration
Operating system: Linux
Web server: Apache
Database: MySQL
PHP version: 7.2
ownCloud version: 10.0.8.5
Updated from an older ownCloud or fresh install: updated
Where did you install ownCloud from: https://owncloud.org/download/
Signing status (ownCloud 9.0 and above): 10.0.8
The content of config/config.php:
List of activated apps:
Are you using external storage, if yes which one: no
Are you using encryption: no
Are you using an external user-backend, if yes which one: Webdav
Client configuration
Browser: Firefox
Operating system: MacOS 10.13.6
Logs
ownCloud log (data/owncloud.log)
The text was updated successfully, but these errors were encountered: