
Able to Connect with only one account

Open Soknath opened this issue 6 years ago • 6 comments

I have successfully connected to WebDAV with the following URL: http://example.com/nextcloud/dav/files/USERNAME

This is totally working fine. However, the problem happens when I change USERNAME to a different account. It returns a 403 error in the request.

Please help me, where did I go wrong?

Soknath avatar Dec 10 '19 09:12 Soknath

I take it you're using this in the browser? I presume it's a cookie thing.. I've seen the same issue with ownCloud (upstream of nextcloud).

It's most likely not something you've done wrong, but something the server is doing wrong. In my opinion it should not be creating a session for such connection attempts - these are authenticated restful requests, and shouldn't be tied to an account - this is most likely what's causing the 403. The server probably sees you as already having been logged in to an account.

perry-mitchell avatar Dec 17 '19 11:12 perry-mitchell

@Soknath what happens if, in the same browser, you browse to your nextcloud instance after running your code using the initial USERNAME - are you logged in?

If you log out through the UI, run the code again, and then browse back to nextcloud - are you then logged in?

perry-mitchell avatar Dec 17 '19 11:12 perry-mitchell

@perry-mitchell thanks for the reply. Currently, I am using webdav-client in a react-native project. I noticed that only the first connection is fine, while switching to a different one will result in a 403. I agree with you that this might be an authentication problem on the Nextcloud side.

I did check the Apache log; no useful clue on the error besides the MKCOL protocol returning 403.

Soknath avatar Dec 18 '19 01:12 Soknath

@Soknath Well, I'm quick to blame Nextcloud/ownCloud on this one, as they could handle it better, but I do think the browser-side of React-Native is also to blame. It's perhaps something I could try to tackle from this library:

https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#Sending_a_request_with_credentials_included

That link is for fetch, which this library doesn't use, but I'm sure there's a way to forcibly omit credentials so that the browser isn't attempting to send an open session to the webdav server. This might prevent the access issue you're seeing.

perry-mitchell avatar Dec 18 '19 07:12 perry-mitchell

@Soknath I think using withCredentials: false for Axios (in this library) could possibly help. You could try doing something like the following:

client.createDirectory("/test/dir", { withCredentials: false });

Or the equivalent method you were using. If you could try that with all requests and see if it fails for the other username, that'd be an immense help!

perry-mitchell avatar Dec 18 '19 07:12 perry-mitchell

@Soknath Have you by any chance been able to test my suggestion? This is a tough one to reproduce.

perry-mitchell avatar Feb 05 '20 17:02 perry-mitchell
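
The session-cookie explanation suggested in this thread, as an added example that is not part of the original issue or the library's code: a toy in-memory model in which the server lets an existing session cookie override the Basic auth header. `makeServer`, `makeClient`, the `sid` cookie name and the `/files/<user>/test` path are all hypothetical, and `withCredentials` here is a simplified stand-in for "send and store cookies".

```javascript
// Toy model (constructed): the server creates a session on the first
// authenticated request and afterwards trusts the cookie over Basic auth.
function makeServer() {
  const sessions = new Map(); // session id -> username
  let nextId = 1;
  return function handle(req) {
    const auth = req.headers.authorization || "";
    const user = Buffer.from(auth.replace(/^Basic /, ""), "base64")
      .toString().split(":")[0];
    const m = /(?:^|;\s*)sid=(\w+)/.exec(req.headers.cookie || "");
    const sessionUser = m ? sessions.get(m[1]) : undefined;
    const owner = req.path.split("/")[2];   // account named in the URL
    const identity = sessionUser || user;   // the session wins if present
    if (identity !== owner) return { status: 403, headers: {} };
    const headers = {};
    if (!sessionUser) {                     // first contact: open a session
      const sid = "s" + nextId++;
      sessions.set(sid, user);
      headers["set-cookie"] = "sid=" + sid;
    }
    return { status: 201, headers };
  };
}

// Client with one shared cookie jar, as a browser or native HTTP stack keeps.
function makeClient(server) {
  let jar = "";
  return function mkcol(user, pass, { withCredentials = true } = {}) {
    const headers = {
      authorization: "Basic " + Buffer.from(user + ":" + pass).toString("base64"),
    };
    if (withCredentials && jar) headers.cookie = jar;
    const res = server({ method: "MKCOL", path: `/files/${user}/test`, headers });
    if (withCredentials && res.headers["set-cookie"]) jar = res.headers["set-cookie"];
    return res.status;
  };
}

function demo() {
  const sticky = makeClient(makeServer());
  const first = sticky("alice", "pw");      // no cookie yet
  const second = sticky("bob", "pw");       // alice's cookie rides along
  const clean = makeClient(makeServer());
  const third = clean("alice", "pw", { withCredentials: false });
  const fourth = clean("bob", "pw", { withCredentials: false });
  return [first, second, third, fourth];
}

console.log(demo());
```

The model checks no passwords; it only shows which identity wins when a stored cookie and the Authorization header disagree.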