Check for empty authorization headers for office requests and allow anonymous option on the whole tree

Signed-off-by: Julius Härtl <jus@bitgrid.net>

1 files changed, 5 insertions, 2 deletions

diff --git a/apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php b/apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php
index e222eb18857..e0aa19c50b3 100644
--- a/apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php
+++ b/apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php
@@ -62,8 +62,11 @@ class AnonymousOptionsPlugin extends ServerPlugin {
 	 */
 	public function handleAnonymousOptions(RequestInterface $request, ResponseInterface $response) {
 		$isOffice = preg_match('/Microsoft Office/i', $request->getHeader('User-Agent'));
-		$isAnonymousOption = ($request->getMethod() === 'OPTIONS' && ($request->getHeader('Authorization') === null || trim($request->getHeader('Authorization')) === 'Bearer') && $this->isRequestInRoot($request->getPath()));
-		$isOfficeHead = $request->getMethod() === 'HEAD' && $isOffice && $request->getHeader('Authorization') === 'Bearer';
+		$emptyAuth = $request->getHeader('Authorization') === null
+			|| $request->getHeader('Authorization') === ''
+			|| trim($request->getHeader('Authorization')) === 'Bearer';
+		$isAnonymousOption = $request->getMethod() === 'OPTIONS' && $emptyAuth;
+		$isOfficeHead = $request->getMethod() === 'HEAD' && $isOffice && $emptyAuth;
 		if ($isAnonymousOption || $isOfficeHead) {
 			/** @var CorePlugin $corePlugin */
 			$corePlugin = $this->server->getPlugin('core');