Skip to first unread message

Lionel VEST

Jan 10, 2017, 8:53:00 AM1/10/17
to SabreDAV Discussion
Hi Evert,

I was looking for a JAVASCRIPT Webdav Client that can communicate with my SABREDAV server.
I just discovered your GITHUB project : https://github.com/evert/davclient.js

I made some tests but the server I try to connect is not on the same domain.
The problem is that GOOGLE CHROME doesn't allow cross domain requests (CORS).
I got this error : "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."

I found that adding this line to my server.php can partially solve the problem :
 header("Access-Control-Allow-Origin: *");

But now the error is different : "Response for preflight has invalid HTTP status code 401"
What does it mean ?
How can I fix this ?

Second question : in order to use davclient.js, I have to write the login / password in the javascript source code.
This isn't very secure because the user can read the code.
Is there a solution to avoid this ?

Best regards

Lionel VEST

Jan 10, 2017, 9:35:02 AM1/10/17
to SabreDAV Discussion
After some investigation, i think this is related to the Rewrite Rule in the vhost conf

RewriteEngine On
RewriteRule ^/(.*)$ /server.php [L]

But how am i supposed to run the server without this rule ?

Lionel VEST

Jan 10, 2017, 12:22:46 PM1/10/17
to SabreDAV Discussion
I can make the client.js work if I install iton the same server as SABREDAV server

I redirect all the traffic to my server.php file, except one subfolder named "client", using this APACHE rules :
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/client.*
RewriteRule ^/(.*)$ /server.php [L]
In that 'client' folder, i place my index.html and my client.js file.

If I give a Username and Password when creating the dav.client object, it doesn't work. It keeps asking me for the login / password in an infinite loop
But if I connect without specifying login and password, it works

So I managed to make it work, but only when the client runs on the same IP as the server.
cross server communication doesn't work. I always get ERROR 401

Lionel VEST

Jan 10, 2017, 4:27:02 PM1/10/17
to SabreDAV Discussion
After some more research, I think the problem is server related.

According to this article : http://stackoverflow.com/questions/37298843/angular-2-response-for-preflight-has-invalid-http-status-code-401-error
the server shouldnt ask ro credentials for OPTIONS requests.

So I think this is a "bug" in sabredav 3.2

Don't you think ?
Reply all
Reply to author
0 new messages