Only reject ajax auth if user is really logged out

author: Vincent Petry <pvince81@owncloud.com> 2015-11-26 16:14:49 +0100
committer: Vincent Petry <pvince81@owncloud.com> 2015-11-26 17:04:21 +0100
commit: d02e0eaaf1e2c467ee0b2acb99f85414eac4a813 (patch)
tree: 4acc87a064fb0ad4bef15f9579d7a4af4453cb9a /apps/dav/lib
parent: 60682e17047df19c9486bfc21a993e08bbfce5ce (diff)
download: nextcloud-server-d02e0eaaf1e2c467ee0b2acb99f85414eac4a813.tar.gz
nextcloud-server-d02e0eaaf1e2c467ee0b2acb99f85414eac4a813.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/dav/lib/connector/sabre/auth.php b/apps/dav/lib/connector/sabre/auth.php
index 655152a2cc1..d57fdb98f9e 100644
--- a/apps/dav/lib/connector/sabre/auth.php
+++ b/apps/dav/lib/connector/sabre/auth.php
@@ -159,7 +159,7 @@ class Auth extends AbstractBasic {
 			return [true, $this->principalPrefix . $user];
 		}
 
-		if ($request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
+		if (!$this->userSession->isLoggedIn() && $request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
 			// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
 			$response->addHeader('WWW-Authenticate','DummyBasic realm="' . $this->realm . '"');
 			$response->setStatus(401);
author	Vincent Petry <pvince81@owncloud.com>	2015-11-26 16:14:49 +0100
committer	Vincent Petry <pvince81@owncloud.com>	2015-11-26 17:04:21 +0100
commit	d02e0eaaf1e2c467ee0b2acb99f85414eac4a813 (patch)
tree	4acc87a064fb0ad4bef15f9579d7a4af4453cb9a /apps/dav/lib
parent	60682e17047df19c9486bfc21a993e08bbfce5ce (diff)
download	nextcloud-server-d02e0eaaf1e2c467ee0b2acb99f85414eac4a813.tar.gz nextcloud-server-d02e0eaaf1e2c467ee0b2acb99f85414eac4a813.zip