Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

webDAV: Disclosure of file names in directories on the path. #263

Closed
289699522 opened this issue Sep 6, 2023 · 1 comment
Closed

webDAV: Disclosure of file names in directories on the path. #263

289699522 opened this issue Sep 6, 2023 · 1 comment

Comments

@289699522
Copy link

Problem

When I use dufs -a user1:pass1@/dir1/dir2/dir3 , under normal circumstances , user1 don't have permission to list files under /dir1 and /dir1/dir2 , but when I access the above directories through webDAV, user1 can list the files and dictionaries under /dir1 and /dir1/dir2.

Log

Log shows status Code is 207.

Environment:

  • Dufs version: v0.36.0
  • Browser/Webdav Info:
  • OS Info:
@sigoden
Copy link
Owner

sigoden commented Sep 6, 2023

Webdav must be designed like this.

This is because some webdav clients do not carry the Authorization header when listing files.

@sigoden sigoden closed this as not planned Won't fix, can't repro, duplicate, stale Sep 6, 2023
@sigoden sigoden mentioned this issue Sep 26, 2023
Closed
@sigoden sigoden mentioned this issue Jan 9, 2024
Closed
@sigoden sigoden mentioned this issue Jul 15, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sigoden @289699522