From ab9849e72f9a4ea78dcdd7ce4a87a5353aebd478 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Mon, 14 Dec 2015 17:42:13 +0100 Subject: [PATCH] Use Authorization headers for public webdav instead of URL Instead of prepending the token as username in the URL, use the Authorization header instead. This is because IE9 considers this a cross-domain call and refuses to do it in the first place. --- apps/files_sharing/tests/js/publicAppSpec.js | 3 ++- core/js/files/client.js | 22 +++++++++----------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/apps/files_sharing/tests/js/publicAppSpec.js b/apps/files_sharing/tests/js/publicAppSpec.js index 74f008025e1..2aaf758f3e3 100644 --- a/apps/files_sharing/tests/js/publicAppSpec.js +++ b/apps/files_sharing/tests/js/publicAppSpec.js @@ -89,7 +89,8 @@ describe('OCA.Sharing.PublicApp tests', function() { it('Uses public webdav endpoint', function() { expect(fakeServer.requests.length).toEqual(1); expect(fakeServer.requests[0].method).toEqual('PROPFIND'); - expect(fakeServer.requests[0].url).toEqual('https://sh4tok@example.com/owncloud/public.php/webdav/subdir'); + expect(fakeServer.requests[0].url).toEqual('https://example.com/owncloud/public.php/webdav/subdir'); + expect(fakeServer.requests[0].requestHeaders.Authorization).toEqual('Basic c2g0dG9rOm51bGw='); }); describe('Download Url', function() { diff --git a/core/js/files/client.js b/core/js/files/client.js index 608c2702fbb..70dac7d6690 100644 --- a/core/js/files/client.js +++ b/core/js/files/client.js @@ -35,27 +35,25 @@ if (options.useHTTPS) { url = 'https://'; } - var credentials = ''; - if (options.userName) { - credentials += encodeURIComponent(options.userName); - } - if (options.password) { - credentials += ':' + encodeURIComponent(options.password); - } - if (credentials.length > 0) { - url += credentials + '@'; - } url += options.host + this._root; this._defaultHeaders = options.defaultHeaders || {'X-Requested-With': 'XMLHttpRequest'}; this._baseUrl = url; - this._client = new dav.Client({ + + var clientOptions = { baseUrl: this._baseUrl, xmlNamespaces: { 'DAV:': 'd', 'http://owncloud.org/ns': 'oc' } - }); + }; + if (options.userName) { + clientOptions.userName = options.userName; + } + if (options.password) { + clientOptions.password = options.password; + } + this._client = new dav.Client(clientOptions); this._client.xhrProvider = _.bind(this._xhrProvider, this); }; -- 2.39.5