Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: 405 Method Not Allowed returned for PROPFIND request with additional properties for non existing file #34574

Closed
6 of 9 tasks
dkocher opened this issue Oct 13, 2022 · 4 comments
Closed
6 of 9 tasks

[Bug]: 405 Method Not Allowed returned for PROPFIND request with additional properties for non existing file #34574

dkocher opened this issue Oct 13, 2022 · 4 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 23-feedback Feedback from 23.x releases bug

Comments

@dkocher
Copy link

dkocher commented Oct 13, 2022

⚠️ This issue respects the following points: ⚠️

  • This is a bug, not a question or a configuration/webserver/proxy issue.
  • This issue is not already reported on Github (I've searched it).
  • Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
  • Nextcloud Server is running on 64bit capable CPU, PHP and OS.
  • I agree to follow Nextcloud's Code of Conduct.

Bug description

For PROPFIND requests that request attributes in namespace http://nextcloud.org/ns a 405 error is returned instead of expected 404 for non existent files.

Steps to reproduce

PROPFIND /bMZUnQuf HTTP/1.1
Depth: 0
Content-Type: text/xml; charset=utf-8
Content-Length: 344
Host: cloud.iterate.ch
Connection: Keep-Alive
Accept-Encoding: gzip,deflate

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><propfind xmlns="DAV:"><prop><creationdate/><displayname/><getcontentlength/><getcontenttype/><getetag/><getlastmodified/><lockdiscovery/><resourcetype/><nc:fileid xmlns:nc="http://nextcloud.org/ns"/><s:lastmodified_server xmlns:s="SAR:"/><s:lastmodified xmlns:s="SAR:"/></prop></propfind>

HTTP/1.1 405 Method Not Allowed
Server: nginx/1.20.0
Date: Thu, 13 Oct 2022 10:24:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.30
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-Vkk4eUljT1c0a0NJNVNpeW5iNU1qV2VtZHJZZ1RZbkFiR2dPWkxvbHJqND06SmNWWmM0ckJoU0hFM1d5R3R0by8zeXlTTi9JUEorWDJBUUJ0TC9GaStFOD0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Set-Cookie: nc_username=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; secure; HttpOnly
Set-Cookie: nc_token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; secure; HttpOnly
Set-Cookie: nc_session_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; secure; HttpOnly
Set-Cookie: nc_username=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly
Set-Cookie: nc_token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly
Set-Cookie: nc_session_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly
Set-Cookie: oc7vsmzhpklo=c5unjcpoalac582uhsdsl60ige; path=/; secure; HttpOnly; SameSite=Lax
Set-Cookie: cookie_test=test; expires=Thu, 13-Oct-2022 11:24:15 GMT; Max-Age=3600

Expected behavior

404 error response.

Installation method

Community Manual installation with Archive

Operating system

RHEL/CentOS

PHP engine version

PHP 7.3

Web server

Nginx

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

No response

List of activated Apps

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

No response

Additional info

No response
@dkocher dkocher added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels Oct 13, 2022
@szaimen
Copy link
Contributor

szaimen commented Oct 13, 2022

Which nc version?

@dkocher
Copy link
Author

dkocher commented Oct 13, 2022

Which nc version?

Running version 23.0.6.

@szaimen szaimen added the 23-feedback Feedback from 23.x releases label Oct 13, 2022
dkocher added a commit to iterate-ch/cyberduck that referenced this issue Oct 13, 2022
@dkocher
Workaround for nextcloud/server#34574.
d97a7eb
dkocher added a commit to iterate-ch/cyberduck that referenced this issue Oct 17, 2022
@dkocher
Workaround for nextcloud/server#34574.
55cde1d
@dkocher
Copy link
Author

dkocher commented Oct 17, 2022

This cannot be reproduced with the actual /remote.php/webdav prefix where the DAV handler is enabled.

@dkocher dkocher closed this as completed Oct 17, 2022
tobihagemann added a commit to cryptomator/cloud-access-swift that referenced this issue Feb 20, 2023
@tobihagemann
Added workaround for nextcloud/server#34574
3d0a916
@tobihagemann tobihagemann mentioned this issue Feb 20, 2023
Closed
2 tasks
@vsajip
Copy link

vsajip commented Jul 13, 2023

I can certainly reproduce it with NC 27.0.0. Here are the request and response headers I see in my browser's developer pane:

PROPFIND /.well-known/caldav HTTP/2
Host: cloud.red-dove.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate, br
requesttoken: <redacted>
OCS-APIREQUEST: true
X-Requested-With: XMLHttpRequest
Origin: https://cloud.red-dove.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 405 Method Not Allowed
server: nginx
date: Thu, 13 Jul 2023 21:31:19 GMT
content-type: text/html; charset=iso-8859-1
content-length: 312
allow: GET,HEAD,POST,OPTIONS,TRACE
X-Firefox-Spdy: h2

As per the documentation, I used these rewrite rules with Apache (as NC is installed in a subfolder called nextcloud):

  RewriteRule ^\.well-known/carddav https://%{SERVER_NAME}/nextcloud/remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/caldav https://%{SERVER_NAME}/nextcloud/remote.php/dav [R=301,L]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 23-feedback Feedback from 23.x releases bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dkocher @vsajip @szaimen