Use Authorization headers for public webdav instead of URL

Instead of prepending the token as username in the URL, use the
Authorization header instead. This is because IE9 considers this a
cross-domain call and refuses to do it in the first place.

diff --git a/apps/files_sharing/tests/js/publicAppSpec.js b/apps/files_sharing/tests/js/publicAppSpec.js
index 74f008025e1364878a82b299411c26c3ee4da5dc..2aaf758f3e36bc3662fbac6b5a6e3f125c989ca3 100644 (file)
--- a/apps/files_sharing/tests/js/publicAppSpec.js
+++ b/apps/files_sharing/tests/js/publicAppSpec.js
@@ -89,7 +89,8 @@ describe('OCA.Sharing.PublicApp tests', function() {
                it('Uses public webdav endpoint', function() {
                        expect(fakeServer.requests.length).toEqual(1);
                        expect(fakeServer.requests[0].method).toEqual('PROPFIND');
-                       expect(fakeServer.requests[0].url).toEqual('https://sh4tok@example.com/owncloud/public.php/webdav/subdir');
+                       expect(fakeServer.requests[0].url).toEqual('https://example.com/owncloud/public.php/webdav/subdir');
+                       expect(fakeServer.requests[0].requestHeaders.Authorization).toEqual('Basic c2g0dG9rOm51bGw=');
                });
 
                describe('Download Url', function() {

diff --git a/core/js/files/client.js b/core/js/files/client.js
index 608c2702fbbb5baa9fb37cdf1027783a4f15e3f9..70dac7d669007d9ba88c2e5c290c74b3c59cc877 100644 (file)
--- a/core/js/files/client.js
+++ b/core/js/files/client.js
@@ -35,27 +35,25 @@
                if (options.useHTTPS) {
                        url = 'https://';
                }
-               var credentials = '';
-               if (options.userName) {
-                       credentials += encodeURIComponent(options.userName);
-               }
-               if (options.password) {
-                       credentials += ':' + encodeURIComponent(options.password);
-               }
-               if (credentials.length > 0) {
-                       url += credentials + '@';
-               }
 
                url += options.host + this._root;
                this._defaultHeaders = options.defaultHeaders || {'X-Requested-With': 'XMLHttpRequest'};
                this._baseUrl = url;
-               this._client = new dav.Client({
+
+               var clientOptions = {
                        baseUrl: this._baseUrl,
                        xmlNamespaces: {
                                'DAV:': 'd',
                                'http://owncloud.org/ns': 'oc'
                        }
-               });
+               };
+               if (options.userName) {
+                       clientOptions.userName = options.userName;
+               }
+               if (options.password) {
+                       clientOptions.password = options.password;
+               }
+               this._client = new dav.Client(clientOptions);
                this._client.xhrProvider = _.bind(this._xhrProvider, this);
        };