From d02e0eaaf1e2c467ee0b2acb99f85414eac4a813 Mon Sep 17 00:00:00 2001
From: Vincent Petry <pvince81@owncloud.com>
Date: Thu, 26 Nov 2015 16:14:49 +0100
Subject: Only reject ajax auth if user is really logged out

---
 apps/dav/lib/connector/sabre/auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'apps/dav/lib')

diff --git a/apps/dav/lib/connector/sabre/auth.php b/apps/dav/lib/connector/sabre/auth.php
index 655152a2cc1..d57fdb98f9e 100644
--- a/apps/dav/lib/connector/sabre/auth.php
+++ b/apps/dav/lib/connector/sabre/auth.php
@@ -159,7 +159,7 @@ class Auth extends AbstractBasic {
 			return [true, $this->principalPrefix . $user];
 		}
 
-		if ($request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
+		if (!$this->userSession->isLoggedIn() && $request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
 			// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
 			$response->addHeader('WWW-Authenticate','DummyBasic realm="' . $this->realm . '"');
 			$response->setStatus(401);
-- 
cgit v1.2.3