Project

General

Profile

[Solved] WebDAV & CORS - OPTION request returns 404

Added by levi 7 months ago

Hi All,

There's a dead thread about this from forever ago but I think things have changed since then, and I'm not sure it's even the same problem: https://redmine.lighttpd.net/boards/2/topics/5001?r=5002#message-5002

I have a lighttpd server running 1.4.48, which I'm trying to connect to from Firefox 79.0 using the webdav v3.0.0 package published on npmjs.

I'm running into a CORS issue when the client wants to PUT a file which doesn't already exist on the server. I'm out of my depth here but as I understand it, the webdav client wants to issue a PUT request, but before issuing that request the browser issues a CORS preflight request (an OPTION request) to "ask" whether the actual request is going to be accepted by the server, and CORS compliant.

The preflight request headers are:

OPTIONS /data/todo.txt HTTP/1.1
Host: localhost:3003
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: PUT
Access-Control-Request-Headers: content-type
Referer: http://localhost:3000/
Origin: http://localhost:3000
Connection: keep-alive

and the preflight response headers are:

HTTP/1.1 404 Not Found
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: *
Access-Control-Expose-Headers: *
Access-Control-Allow-Headers: *
Access-Control-Max-Age: 600
Timing-Allow-Origin: *
Content-Length: 345
Date: Thu, 30 Jul 2020 20:11:30 GMT
Server: lighttpd/1.4.48

When the browser receives a 404 on the OPTION request, it throws a CORS error and does not try the intended PUT request. The error is described here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSPreflightDidNotSucceed

Other useful info: * In trying to troubleshoot this I've just set all Access-Control headers to "*", as shown above. * I'm not using any form of authentication for the moment, will implement later, I think that has some implications for wildcard headers but not relevant to this issue. * If the PUT request is intended to overwrite an existing file, everything works as expected with no CORS issues. This issue only occurs where the PUT request is intended to write a new file.


Replies (3)

RE: WebDAV & CORS - OPTION request returns 404 - Added by levi 7 months ago

Sorry forgot to post my config:

https://paste.lighttpd.net/B7#HLghqmhha1QX75TJazYakMIu

Also, I'll have another go at listing "other useful info"

  • In trying to troubleshoot this I've just set all Access-Control headers to "*", as shown above.
  • I'm not using any form of authentication for the moment, will implement later, I think that has some implications for wildcard headers but not relevant to this issue.
  • If the PUT request is intended to overwrite an existing file, everything works as expected with no CORS issues. This issue only occurs where the PUT request is intended to write a new file.

RE: WebDAV & CORS - OPTION request returns 404 - Added by gstrauss 7 months ago

This was addressed in lighttpd 1.4.54 (released May 2019)
reference: #2939

    (1-3/3)