Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PROPFIND, OPTIONS are ignoring "add_header" "Access-Control-Allow-Origin" *; #42

Open
katomaso opened this issue Feb 4, 2019 · 3 comments
Open

PROPFIND, OPTIONS are ignoring "add_header" "Access-Control-Allow-Origin" *; #42

katomaso opened this issue Feb 4, 2019 · 3 comments

Comments

@katomaso
Copy link

katomaso commented Feb 4, 2019
edited
Loading

Hello,

WebDAV ignores custom headers added by add_header directive.

I did a small test to hint what is going on. Please see the config below and note the return directive for request of type OPTIONS. Response to OPTIONS contains CORS headers but PROPFIND does not. It is because the DAV extension or this extension keeps processing. Is it a bug here or in Nginx's own DAV extension? Thanks a lot.

server {
  # IP, Certificates, fullpath, autoindex ...
  dav_methods      PUT DELETE MKCOL COPY MOVE;
  dav_ext_methods  PROPFIND OPTIONS;
  dav_access       user:rw group:rw all:rw;
  
  location / {
    root /srv/http/content;

    # Preflighted requests
    if ($request_method = OPTIONS) {
      add_header "Access-Control-Allow-Origin" *;
      add_header "Access-Control-Allow-Methods" "GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK, PROPFIND";
      add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept, DNT, X-CustomHeader, Keep-Alive,User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Range, Range, Depth";
      return 200;
    }

    if ($request_method = (GET|POST|HEAD|DELETE|PROPFIND)) {
      add_header "Access-Control-Allow-Origin" *;
      add_header "Access-Control-Allow-Methods" "GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK, PROPFIND";
      add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
    }
  }
}
@SqrtMinusOne
Copy link

SqrtMinusOne commented Feb 23, 2019
edited
Loading

I had the same problem trying to launch DAViCal & CardDavMATE on different servers.
I hope there is solution other that hosting client & server (DAViCal) at one place

@fphammerle
Copy link

Maybe your HTTP response code is not in {200, 201, 204, 206, 301, 302, 303, 304, 307, 308}.

Did you try adding the always keyword to the add_header statement?

https://stackoverflow.com/a/57932938/5894777

@rozhuk-im
Copy link

I use add_header without always: http://netlab.dhis.org/wiki/ru:software:nginx:webdav
is works ok, or at least was work few years ago, but clients works fine even now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@katomaso @fphammerle @rozhuk-im @SqrtMinusOne