Heh,
now I know ... change the:
Header always set Access-Control-Allow-Credentials true
to
Header always set Access-Control-Allow-Credentials false
... I will also change it in the misc/config_davical.txt for the final release
The problem is, that Access-Control-Allow-Origin "*" is not compatible with Access-Control-Allow-Credentials true (and there is no reason to set this to true for DAViCal and 99% of other servers).
JM
On 27 Nov 2013, at 14:14, Johan Vromans jvromans@squirrel.nl wrote:
Ján Máté jan.mate@inf-it.com writes:
your working setup is non cross-domain, and the setup you want is cross-domain setup.
Yes, that's what I already figured out...
Check the new readme.txt with detailed cross-domain setup information/instructions ...
I've added misc/config_davical.txt to the VirtualHost section.
<VirtualHost *:80 >
DocumentRoot /usr/share/davical/htdocs DirectoryIndex index.php index.html ServerName davical.squirrel.nl Alias /images/ /usr/share/davical/htdocs/images/
<Directory /usr/share/davical/htdocs/> AllowOverride None Order allow,deny Allow from all
</Directory>
AcceptPathInfo On RewriteEngine On
<IfModule mod_headers.c> Header unset Access-Control-Allow-Origin Header unset Access-Control-Allow-Methods Header unset Access-Control-Allow-Headers Header unset Access-Control-Allow-Credentials Header unset Access-Control-Expose-Headers
Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK" Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,X-client,X-Requested-With" Header always set Access-Control-Allow-Credentials true Header always set Access-Control-Expose-Headers "Etag" RewriteCond %{HTTP:Access-Control-Request-Method} !^$ RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L]</IfModule>
</VirtualHost>
Firefox webconsole (Net+Logging) shows:
[13:58:43.417] Info: [account: 'http://jv@davical.squirrel.nl/caldav.php/jv/'] crossDomain set to: 'true' [13:58:43.724] OPTIONS http://davical.squirrel.nl/caldav.php/jv/ [HTTP/1.1 200 OK 0ms]
When I inspect the OPTIONS query, it seems that the reply does indeed return everything that is required. See http://www.squirrel.nl/pub/xfer/uploads/3CF0ERVc8bsqDINxTME0ar7g.png
So apparently I'm still missing something.
-- Johan