authorVincent Petry <pvince81@owncloud.com>2015-12-14 17:42:13 +0100
committerVincent Petry <pvince81@owncloud.com>2015-12-14 17:42:13 +0100
commitab9849e72f9a4ea78dcdd7ce4a87a5353aebd478 (patch)
tree6be58734e067cab169c0ba0a55a214e42de35eea
parentdb41c4f4b5f27757838ba17c03f6f263b91af527 (diff)
downloadnextcloud-server-ab9849e72f9a4ea78dcdd7ce4a87a5353aebd478.tar.gz
nextcloud-server-ab9849e72f9a4ea78dcdd7ce4a87a5353aebd478.zip
Use Authorization headers for public webdav instead of URL
Rather than prepending the token as the username in the URL, send it in the Authorization header. This is because IE9 considers a URL with embedded credentials a cross-domain call and refuses to make it in the first place.
-rw-r--r--apps/files_sharing/tests/js/publicAppSpec.js3
-rw-r--r--core/js/files/client.js22
2 files changed, 12 insertions, 13 deletions
diff --git a/apps/files_sharing/tests/js/publicAppSpec.js b/apps/files_sharing/tests/js/publicAppSpec.js
index 74f008025e1..2aaf758f3e3 100644
--- a/apps/files_sharing/tests/js/publicAppSpec.js
+++ b/apps/files_sharing/tests/js/publicAppSpec.js
@@ -89,7 +89,8 @@ describe('OCA.Sharing.PublicApp tests', function() {
it('Uses public webdav endpoint', function() {
expect(fakeServer.requests.length).toEqual(1);
expect(fakeServer.requests[0].method).toEqual('PROPFIND');
- expect(fakeServer.requests[0].url).toEqual('https://sh4tok@example.com/owncloud/public.php/webdav/subdir');
+ expect(fakeServer.requests[0].url).toEqual('https://example.com/owncloud/public.php/webdav/subdir');
+ expect(fakeServer.requests[0].requestHeaders.Authorization).toEqual('Basic c2g0dG9rOm51bGw=');
});
describe('Download Url', function() {
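Review bot: The expected header `Basic c2g0dG9rOm51bGw=` decodes to `sh4tok:null`, so this assertion pins the literal string "null" as the password for a share that has none. That looks like an unset password being string-coerced when the header is built (presumably inside dav.Client, which is not shown here) rather than an intended credential. In the core/js/files/client.js hunk I would set the password whenever a user name is given, `clientOptions.password = options.password || '';`, and expect `Basic c2g0dG9rOg==` here, after confirming that the public WebDAV backend accepts an empty password for token-only shares.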
diff --git a/core/js/files/client.js b/core/js/files/client.js
index 608c2702fbb..70dac7d6690 100644
--- a/core/js/files/client.js
+++ b/core/js/files/client.js
@@ -35,27 +35,25 @@
if (options.useHTTPS) {
url = 'https://';
}
- var credentials = '';
- if (options.userName) {
- credentials += encodeURIComponent(options.userName);
- }
- if (options.password) {
- credentials += ':' + encodeURIComponent(options.password);
- }
- if (credentials.length > 0) {
- url += credentials + '@';
- }
url += options.host + this._root;
this._defaultHeaders = options.defaultHeaders || {'X-Requested-With': 'XMLHttpRequest'};
this._baseUrl = url;
- this._client = new dav.Client({
+
+ var clientOptions = {
baseUrl: this._baseUrl,
xmlNamespaces: {
'DAV:': 'd',
'http://owncloud.org/ns': 'oc'
}
- });
+ };
+ if (options.userName) {
+ clientOptions.userName = options.userName;
+ }
+ if (options.password) {
+ clientOptions.password = options.password;
+ }
+ this._client = new dav.Client(clientOptions);
this._client.xhrProvider = _.bind(this._xhrProvider, this);
};
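Review bot: The new `clientOptions.userName` / `clientOptions.password` block has no comment saying why the credentials are handed to dav.Client instead of being placed in the URL, and the reason is only in the commit message. I would add above `if (options.userName) {` something like `// pass credentials to the DAV client so they go in the Authorization header; IE9 rejects user@host URLs as cross-domain`. It is also worth noting there that `this._baseUrl` no longer carries the share token, so code that logs or displays the base URL will not expose it. The enclosing constructor starts outside this hunk.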