Check if request is sent from official ownCloud client - nextcloud-server.git - Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server

diff options

author	Lukas Reschke <lukas@owncloud.com>	2016-03-23 19:31:17 +0100
committer	Lukas Reschke <lukas@owncloud.com>	2016-03-24 08:59:56 +0100
commit	cc8c0b6a90be3967dd460c17e1894934016f4e0f (patch)
tree	6f026645dee1d7c4b638a43448be4d30f00b537c /autotest-js.sh
parent	4b3af9dfe781dc875f3bf94cd31e658ef1d707a9 (diff)
download	nextcloud-server-cc8c0b6a90be3967dd460c17e1894934016f4e0f.tar.gz nextcloud-server-cc8c0b6a90be3967dd460c17e1894934016f4e0f.zip

Check if request is sent from official ownCloud client

There are authentication backends such as Shibboleth that do send no Basic Auth credentials for DAV requests. This means that the ownCloud DAV backend would consider these requests coming from an untrusted source and require higher levels of security checks. (e.g. a CSRF check) While an elegant solution would rely on authenticating via token (so that one can properly ensure that the request came indeed from a trusted client) this is a okay'ish workaround for this problem until we have something more reliable in the authentication code.

Diffstat (limited to 'autotest-js.sh')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: