[Solved] WebDAV & CORS - OPTION request returns 404
Added by levi over 3 years ago
Hi All,
There's a dead thread about this from forever ago but I think things have changed since then, and I'm not sure it's even the same problem: https://redmine.lighttpd.net/boards/2/topics/5001?r=5002#message-5002
I have a lighttpd server running 1.4.48, which I'm trying to connect to from Firefox 79.0 using the webdav v3.0.0 package published on npmjs.
I'm running into a CORS issue when the client wants to PUT a file which doesn't already exist on the server. I'm out of my depth here but as I understand it, the webdav client wants to issue a PUT request, but before issuing that request the browser issues a CORS preflight request (an OPTION request) to "ask" whether the actual request is going to be accepted by the server, and CORS compliant.
The preflight request headers are:
OPTIONS /data/todo.txt HTTP/1.1 Host: localhost:3003 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Access-Control-Request-Method: PUT Access-Control-Request-Headers: content-type Referer: http://localhost:3000/ Origin: http://localhost:3000 Connection: keep-alive
and the preflight response headers are:
HTTP/1.1 404 Not Found Content-Type: text/html Access-Control-Allow-Origin: * Access-Control-Allow-Methods: * Access-Control-Expose-Headers: * Access-Control-Allow-Headers: * Access-Control-Max-Age: 600 Timing-Allow-Origin: * Content-Length: 345 Date: Thu, 30 Jul 2020 20:11:30 GMT Server: lighttpd/1.4.48
When the browser receives a 404 on the OPTION request, it throws a CORS error and does not try the intended PUT request. The error is described here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSPreflightDidNotSucceed
Other useful info: * In trying to troubleshoot this I've just set all Access-Control headers to "*", as shown above. * I'm not using any form of authentication for the moment, will implement later, I think that has some implications for wildcard headers but not relevant to this issue. * If the PUT request is intended to overwrite an existing file, everything works as expected with no CORS issues. This issue only occurs where the PUT request is intended to write a new file.
Replies (3)
RE: WebDAV & CORS - OPTION request returns 404 - Added by levi over 3 years ago
Sorry forgot to post my config:
https://paste.lighttpd.net/B7#HLghqmhha1QX75TJazYakMIu
Also, I'll have another go at listing "other useful info"
- In trying to troubleshoot this I've just set all Access-Control headers to "*", as shown above.
- I'm not using any form of authentication for the moment, will implement later, I think that has some implications for wildcard headers but not relevant to this issue.
- If the PUT request is intended to overwrite an existing file, everything works as expected with no CORS issues. This issue only occurs where the PUT request is intended to write a new file.
RE: WebDAV & CORS - OPTION request returns 404 - Added by gstrauss over 3 years ago
This was addressed in lighttpd 1.4.54 (released May 2019)
reference: #2939
RE: [Solved] WebDAV & CORS - OPTION request returns 404 - Added by levi over 3 years ago
Oof. Thanks so much!