PROPFIND on folder with Depth 2 returns 400 Bad Request #1975

Closed
saw-jan opened this issue Apr 28, 2021 · 4 comments

@saw-jan

saw-jan commented Apr 28, 2021

  1. create a folder
  2. upload a file into the folder
  3. query:
```bash
curl -X PROPFIND  -u admin:admin https://localhost:9200/remote.php/webdav/folder -H "Depth: 2" -v
```

Expected: to return some XML response body

Actual:

```
> PROPFIND /remote.php/webdav/folder HTTP/1.1
> Host: localhost:9200
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.68.0
> Accept: */*
> Depth: 2
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [146 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< Access-Control-Allow-Origin: *
< Content-Length: 0
< Content-Security-Policy: default-src 'none';
< Date: Wed, 28 Apr 2021 04:52:48 GMT
< Vary: Origin
< X-Content-Type-Options: nosniff
< X-Download-Options: noopen
< X-Frame-Options: SAMEORIGIN
< X-Permitted-Cross-Domain-Policies: none
< X-Robots-Tag: none
< X-Xss-Protection: 1; mode=block
```

But works when Depth is 1

```bash
curl -X PROPFIND  -u admin:admin https://localhost:9200/remote.php/webdav/folder -H "Depth: 1" -v
> PROPFIND /remote.php/webdav/folder HTTP/1.1
> Host: localhost:9200
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.68.0
> Accept: */*
> Depth: 1
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [146 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 207 Multi-Status
< Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: Tus-Resumable, Tus-Version, Tus-Extension
< Content-Length: 806
< Content-Security-Policy: default-src 'none';
< Content-Type: application/xml; charset=utf-8
< Date: Wed, 28 Apr 2021 04:56:47 GMT
< Dav: 1, 3, extended-mkcol
< Tus-Extension: creation,creation-with-upload
< Tus-Resumable: 1.0.0
< Tus-Version: 1.0.0
< Vary: Origin
< X-Content-Type-Options: nosniff
< X-Download-Options: noopen
< X-Frame-Options: SAMEORIGIN
< X-Permitted-Cross-Domain-Policies: none
< X-Robots-Tag: none
< X-Xss-Protection: 1; mode=block
< 
{ [588 bytes data]
100   806  100   806    0     0   3088      0 --:--:-- --:--:-- --:--:--  3100
* Connection #0 to host localhost left intact
<?xml version="1.0" encoding="utf-8"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns">
  <d:response>
    <d:href>/remote.php/webdav/folder/</d:href>
    <d:propstat>
      <d:prop>
        <oc:id>MTI4NGQyMzgtYWE5Mi00MmNlLWJkYzQtMGIwMDAwMDA5MTU3OmRhYWEwNWY4LWFjMmQtNGM0YS05MDkwLWI4NGZlMTQ1ODg0ZQ==</oc:id>
        <oc:fileid>MTI4NGQyMzgtYWE5Mi00MmNlLWJkYzQtMGIwMDAwMDA5MTU3OmRhYWEwNWY4LWFjMmQtNGM0YS05MDkwLWI4NGZlMTQ1ODg0ZQ==</oc:fileid>
        <d:getetag>"f5ca0d845272de6d7b4aeea5ddbde867"</d:getetag>
        <oc:permissions>RDNVCK</oc:permissions>
        <d:resourcetype>
          <d:collection/>
        </d:resourcetype>
        <oc:size>4096</oc:size>
        <d:getlastmodified>Wed, 28 Apr 2021 04:52:32 GMT</d:getlastmodified>
        <oc:favorite>0</oc:favorite>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
</d:multistatus>
```

@ScharfViktor

this is repeated.
to get the resource we use in request headers "depth = 1" (ocis and Oc10) and it works. @saw-jan in which case do we need to use "depth = 2"?

@phil-davis

@saw-jan please check this on oC10 also. What happens with Depth 2?

I think that we decided "somewhere" that the Depth parameter can be 0, 1 or infinite. That a spec somewhere does not require depth 2,3,4... to be supported.

@saw-jan

saw-jan commented Sep 16, 2021

In oC10, with Depth 2:

```bash
curl -X PROPFIND  -u admin:admin http://localhost/core/remote.php/webdav/Folder -H "Depth: 2" -v
* Connected to localhost (127.0.0.1) port 80 (#0)
* Server auth using Basic with user 'admin'
> PROPFIND /core/remote.php/webdav/Folder HTTP/1.1
> Host: localhost
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.68.0
> Accept: */*
> Depth: 2
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 207 Multi-Status
< Date: Thu, 16 Sep 2021 05:36:54 GMT
< Server: Apache/2.4.41 (Ubuntu)
< Set-Cookie: ocjhxqg8fllg=1l78kge8acagvsig2j0enhn4a2; path=/core; HttpOnly; SameSite=Strict
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Set-Cookie: oc_sessionPassphrase=QWMVubgnd1fseZCEoZPP5CWqSrdwqc46EV6sNzI1MeyAwoG7sYJMaGM1hMXgeREbC5uWm%2BjAx0g4kNnFhaAT0Ku6vM%2FmReDLbb9U3hkfcaM3GujBXCMiMTNm9oETEzqP; path=/core; HttpOnly; SameSite=Strict
< Content-Security-Policy: default-src 'none';
< X-XSS-Protection: 0
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Robots-Tag: none
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Set-Cookie: ocjhxqg8fllg=thlltfqbe860j9qvhhgik0arde; path=/core; HttpOnly; SameSite=Strict
< Set-Cookie: cookie_test=test; expires=Thu, 16-Sep-2021 06:36:54 GMT; Max-Age=3600
< Vary: Brief,Prefer
< DAV: 1, 3, extended-mkcol, 2
< Content-Length: 546
< Content-Type: application/xml; charset=utf-8
< 
{ [546 bytes data]
100   546  100   546    0     0   3664      0 --:--:-- --:--:-- --:--:--  3664
* Connection #0 to host localhost left intact
<?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns">
  <d:response>
    <d:href>/core/remote.php/webdav/Folder/</d:href>
    <d:propstat>
      <d:prop>
        <d:getlastmodified>Thu, 16 Sep 2021 05:35:48 GMT</d:getlastmodified>
        <d:resourcetype>
          <d:collection/>
        </d:resourcetype>
        <d:quota-used-bytes>0</d:quota-used-bytes>
        <d:quota-available-bytes>-3</d:quota-available-bytes>
        <d:getetag>"6142d7b44ca82"</d:getetag>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
</d:multistatus>
```

@phil-davis

http://www.webdav.org/specs/rfc2518.html#METHOD_PROPFIND
A client may submit a Depth header with a value of "0", "1", or "infinity" with a PROPFIND on a collection resource with internal member URIs. DAV compliant servers must support the "0", "1" and "infinity" behaviors. By default, the PROPFIND method without a Depth header must act as if a "Depth: infinity" header was included.

The spec only specifies depth of "0", "1" or infinity. So we don't need to respond to depth "2". There should not be any real clients that request depth "2".

https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiWebdavOperations/listFiles.feature has test scenarios for depth "0", "1" and "infinity" - that is good. I don't see automated tests for depth "2" any more (I think we removed those).

Closing.
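
The Depth handling that the quoted spec text and the 400 response in this thread describe, as an added example in Go that is not part of the issue thread and is not ocis or oC10 code. `ParseDepth`, `propfind` and `PropfindStatus` are hypothetical names, and the PROPFIND requests are constructed in-process.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ParseDepth is a hypothetical helper. It accepts only the three values the
// quoted spec text defines; an absent header is treated as "infinity" and
// anything else ("2", "3", "1, 2", ...) is an error.
func ParseDepth(header string) (string, error) {
	switch v := strings.ToLower(strings.TrimSpace(header)); v {
	case "0", "1", "infinity":
		return v, nil
	case "":
		return "infinity", nil
	}
	return "", fmt.Errorf("unsupported Depth header value %q", header)
}

// propfind validates the Depth header before any listing work is done.
func propfind(w http.ResponseWriter, r *http.Request) {
	if _, err := ParseDepth(r.Header.Get("Depth")); err != nil {
		w.WriteHeader(http.StatusBadRequest) // 400 with empty body, as in the report
		return
	}
	w.Header().Set("Content-Type", "application/xml; charset=utf-8")
	w.WriteHeader(http.StatusMultiStatus) // 207; multistatus body omitted here
}

// PropfindStatus sends a constructed PROPFIND through the handler and returns
// the status code. An empty depth means "send no Depth header".
func PropfindStatus(depth string) int {
	req := httptest.NewRequest("PROPFIND", "/remote.php/webdav/folder", nil)
	if depth != "" {
		req.Header.Set("Depth", depth)
	}
	rec := httptest.NewRecorder()
	propfind(rec, req)
	return rec.Code
}

func main() {
	for _, d := range []string{"0", "1", "2", "infinity", ""} {
		fmt.Printf("Depth %q -> %d\n", d, PropfindStatus(d))
	}
}
```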
