remove Sabre_DAV_Browser_Plugin #7681
🚀 Test Passed. 🚀
As discussed 👍
This doesn't mitigate the issue completely. GETs on direct links are still working. We have to set the content type to Another option would be to ensure that we send a @DeepDiver1975 Could you take care of this?
@LukasReschke Honestly I'm not happy with either of the solutions:
Well, SabreDAV itself will per default just return
Me neither :-)
Yes, we do, to detect zip compressed replies.
@dragotin But I guess sending a
We use
@guruz true. My comment was wrong. But in PROPFIND handling we compare the Content-Type header if it is
Thanks - in this case I guess it'll be okay to always return application/octet-stream on GETs
I suggest preparing a new pull request with the content-type change, which we backport slowly after we see no issues popping up.
👍 LGTM considering the upcoming
ownCloud does not care, but some proxy in between might care.
Hmm, maybe WebDAV clients also do care, to start the correct app after having downloaded a file, i.e. PDF viewer or so? My gut feeling says that this might be a bad idea, I would test that with a couple of Windows WebDAV clients first.
That for sure requires testing - that's why I suggested performing those changes slowly.
Please @mention me on that so I can test what KDE says to it :)
…n-master remove Sabre_DAV_Browser_Plugin
I will prepare backports ....
@DeepDiver1975 @dragotin this breaks the sync client: when trying to authenticate the user when creating a new account, the client is doing a GET on
@PVince81 Can
I don't know. From the code it looks like it's all or nothing, so it might not be possible to add it conditionally.
Please mind backward compatibility: Already released clients must remain functional.
Disabling the browser could be made configurable. It could be enabled by default but for setups (for example enterprise where client versions might be enforced) it could be disabled by the admin. What do you think? Another idea would be to try and make that specific call go through, which means providing another plugin whose purpose is only to allow authentication on that base URL.
Ouch, bitten again by this bug while setting up a sync account on a test VM. Should this be reverted until we find a solution that doesn't break ? The code isn't released yet and at least it wouldn't force people to manually re-add that line just when testing.
revert stable6: a390bd2
revert stable5: 140a65e
fixes https://github.com/owncloud/security-tracker/issues/56
@LukasReschke @tanghus @karlitschek