TUS OPTIONS requests does not reply with TUS headers when invalid password #1012
Labels
Comments
This was referenced Dec 3, 2020
[tests-only] change the expectation of TUS OPTIONS tests to match reva behaviour
owncloud/core#38187
Merged
refs
added
Topic:TUS
Category:Defect
|
Sounds like ocis is behaving correctly. No need to give any information to unauthenticated personal. Closing this. |
|
@kobergj unauthorized curl -XOPTIONS "https://localhost:9200/remote.php/dav/files/admin" -uadmin:invalid -vk
< HTTP/1.1 204 No Content
<
< Access-Control-Allow-Headers: Tus-Resumable
< Access-Control-Expose-Headers: Tus-Resumable,Tus-Version,Tus-Extension
< Allow: OPTIONS, LOCK, GET, HEAD, POST, DELETE, PROPPATCH, COPY, MOVE, UNLOCK, PROPFIND, MKCOL, REPORT, SEARCH, PUT
...
< Dav: 1, 2
< Ms-Author-Via: DAV
< Tus-Checksum-Algorithm: md5,sha1,crc32
< Tus-Extension: creation,creation-with-upload,checksum,expiration
< Tus-Resumable: 1.0.0
< Tus-Version: 1.0.0 |
9 tasks
|
^ @micbar
Should OPTIONS request work without auth? IMO, the behavior is corret. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
when sending a TUS OPTIONS requests to the webdav endpoints without authentication we receive the correct TUS headers in the response, but if invalid username/password is set the TUS headers are not set
cs3org/reva responds with TUS headers in both cases
Probably not a big issue ether way, just want to track the issue here, so that we have a good explanation for diff in tests
The text was updated successfully, but these errors were encountered: