Comments (3)
dgraziotin
commented on August 19, 2024
@rozhuk-im are you the author of http://netlab.dhis.org/wiki/ru:software:nginx:webdav?
If yes, this bug might affect you, too.
If you have
location / {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
[...]
if ($request_method = DELETE) {
return 598;
}
[...]
}
[...]
location @delete_handler {
internal;
open_file_cache off;
if ($destination ~ ^https?://(.*)$) {
set $new_path $1;
more_set_input_headers "Destination: http://$new_path";
}
if (-d $webdav_root/$uri) { # Microsoft specific handle: Add trailing slash to dirs.
more_set_input_headers "Destination: http://$new_path/";
rewrite ^(.*[^/])$ $1/ break;
}
root $webdav_root;
dav_methods DELETE;
}
[...]
The authentication mechanisms auth_basic and auth_basic_user_file must be repeated in the location @delete_handler, too:
location / {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
[...]
if ($request_method = DELETE) {
return 598;
}
[...]
}
[...]
location @delete_handler {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
internal;
open_file_cache off;
if ($destination ~ ^https?://(.*)$) {
set $new_path $1;
more_set_input_headers "Destination: http://$new_path";
}
if (-d $webdav_root/$uri) { # Microsoft specific handle: Add trailing slash to dirs.
more_set_input_headers "Destination: http://$new_path/";
rewrite ^(.*[^/])$ $1/ break;
}
root $webdav_root;
dav_methods DELETE;
}
[...]
Otherwise, nginx will return 403 but delete the files.
Let me know if this issue applies to you, too 👍
Edit: same for @copy_move_handler
from docker-nginx-webdav-nononsense.
rozhuk-im
commented on August 19, 2024
Yes, netlab is mine.
Thanks for pointing that, never think that auth apply only in location that generates reply.
I can not check this, I do not use WebDAV for r/w operations any more, only for share content for kodi with simple minimal DAV config.
May be this will also relevant to you:
arut/nginx-dav-ext-module#55
arut/nginx-dav-ext-module#56
from docker-nginx-webdav-nononsense.
dgraziotin
commented on August 19, 2024
@rozhuk-im all good. Thank you for the Wiki article, it has helped a lot! I can credit you properly in the README now.
from docker-nginx-webdav-nononsense.
Related Issues (20)
- update to jammy HOT 4
- ability to delete files HOT 2
- X-Forwarded-For not logged/honored in logs HOT 3
- Add custom config file(s)
- Get an 409 conflict error when I try to upload a file HOT 6
- Last-Modified header HOT 5
- Add client_max_body_size also to reverse proxy HOT 7
- cant pull image? HOT 9
- Files permissions HOT 5
- Make use of /config
- Directory listing fails if any files contain square brackets - [ or ] HOT 6
- Multi User with own Folder HOT 7
- How to connect data folder to existing network share on windows? HOT 2
- 500 error - /var/cache/nginx/client_temp HOT 12
- Win7/Win srv 2012 webdav cleint HOT 1
- [request] Can you add the how to set Multi users to the readme section? HOT 3
- enable ipv6 HOT 2
- [bug] unexpected 403 error caused by permission setting HOT 5
- Add my build and publish system into the repository
- Files with beginning . not writable HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-nginx-webdav-nononsense.