10 Jul
2013
10 Jul
'13
1:08 p.m.
Hi everybody,
I am trying to use CalDavZap with crossdomain.
My DaviCAL installation is located at http://davical.my.domain/.
My CalDavZap installation is located at http://appart.my.domain/caldavzap/.
I configured my Apache vhost and set the following in config.js :
var globalNetworkCheckSettings={
href: location.protocol+'//davical.my.domain/caldav.php/',
hrefLabel: null,
crossDomain: true,
additionalResources: [],
forceReadOnly: null,
withCredentials: false,
showHeader: true,
settingsAccount: true,
checkContentType: true,
syncInterval: 60000,
timeOut: 30000,
lockTimeOut: 10000,
delegation: false,
ignoreAlarms: false,
backgroundCalendars: []
}
When I visit http://appart.my.domain/caldavzap/ I am prompted to enter
credentials (in an HTML form). When I enter credentials, the following
lines appear in the console (using Firefox 22.0) :
OPTIONS http://davical.my.domain/caldav.php/ [HTTP/1.1 401 Unauthorized
160ms]
Error: [netCheckAndCreateConfiguration:
'http://davical.my.domain/caldav.php/'] code: '404'
Any idea ?
Julien
10 Jul
10 Jul
1:39 p.m.
Your apache configuration is wrong - you need to add CORS headers to your server response
- see misc/config_davical.txt
JM
On Jul 10, 2013, at 3:08 PM, "Julien Métairie" <ruliane(a)ruliane.net>
wrote:
Hi everybody,
I am trying to use CalDavZap with crossdomain.
My DaviCAL installation is located at http://davical.my.domain/.
My CalDavZap installation is located at http://appart.my.domain/caldavzap/.
I configured my Apache vhost and set the following in config.js :
var globalNetworkCheckSettings={
href: location.protocol+'//davical.my.domain/caldav.php/',
hrefLabel: null,
crossDomain: true,
additionalResources: [],
forceReadOnly: null,
withCredentials: false,
showHeader: true,
settingsAccount: true,
checkContentType: true,
syncInterval: 60000,
timeOut: 30000,
lockTimeOut: 10000,
delegation: false,
ignoreAlarms: false,
backgroundCalendars: []
}
When I visit http://appart.my.domain/caldavzap/ I am prompted to enter
credentials (in an HTML form). When I enter credentials, the following
lines appear in the console (using Firefox 22.0) :
OPTIONS http://davical.my.domain/caldav.php/ [HTTP/1.1 401 Unauthorized
160ms]
Error: [netCheckAndCreateConfiguration:
'http://davical.my.domain/caldav.php/'] code: '404'
Any idea ?
Julien
1:59 p.m.
Hi Ján,
I forgot to mention this part of the setup : I activated mod_headers and
mod_rewrite and then added the following to my default vhost (copy/paste
from config_davical.txt) :
RewriteEngine On
<IfModule mod_headers.c>
Header unset Access-Control-Allow-Origin
Header unset Access-Control-Allow-Methods
Header unset Access-Control-Allow-Headers
Header unset Access-Control-Allow-Credentials
Header unset Access-Control-Expose-Headers
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods
"GET,POST,OPTIONS,PROPFIND,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK"
Header always set Access-Control-Allow-Headers
"User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,X-client,X-Requested-With"
Header always set Access-Control-Allow-Credentials true
Header always set Access-Control-Expose-Headers "Etag"
RewriteCond %{HTTP:Access-Control-Request-Method} !^$
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</IfModule>
Is there something to be customized ?
Julien
On Wed, July 10, 2013 15:39, Ján Máté wrote:
Your apache configuration is wrong - you need to add
CORS headers to your
server response - see misc/config_davical.txt
JM
On Jul 10, 2013, at 3:08 PM, "Julien Métairie" <ruliane(a)ruliane.net>
wrote:
Hi everybody,
I am trying to use CalDavZap with crossdomain.
My DaviCAL installation is located at http://davical.my.domain/.
My CalDavZap installation is located at
http://appart.my.domain/caldavzap/.
I configured my Apache vhost and set the following in config.js :
var globalNetworkCheckSettings={
href: location.protocol+'//davical.my.domain/caldav.php/',
hrefLabel: null,
crossDomain: true,
additionalResources: [],
forceReadOnly: null,
withCredentials: false,
showHeader: true,
settingsAccount: true,
checkContentType: true,
syncInterval: 60000,
timeOut: 30000,
lockTimeOut: 10000,
delegation: false,
ignoreAlarms: false,
backgroundCalendars: []
}
When I visit http://appart.my.domain/caldavzap/ I am prompted to enter
credentials (in an HTML form). When I enter credentials, the following
lines appear in the console (using Firefox 22.0) :
OPTIONS http://davical.my.domain/caldav.php/ [HTTP/1.1 401 Unauthorized
160ms]
Error: [netCheckAndCreateConfiguration:
'http://davical.my.domain/caldav.php/'] code: '404'
Any idea ?
Julien
2:07 p.m.
No you do not need customization. If the OPTIONS request fails then the "RewriteRule
^(.*)$ $1 [R=200,L]" is not processed.
RewriteCond %{HTTP:Access-Control-Request-Method} !^$
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
says that the server MUST reply with 200 code (success) if any OPTIONS request is
performed with "Access-Control-Request-Method" header set (and this is set by
your browser if it performs a cross domain query = this is the "preflight
request" in CORS).
JM
On Jul 10, 2013, at 3:59 PM, "Julien Métairie" <ruliane(a)ruliane.net>
wrote:
Hi Ján,
I forgot to mention this part of the setup : I activated mod_headers and
mod_rewrite and then added the following to my default vhost (copy/paste
from config_davical.txt) :
RewriteEngine On
<IfModule mod_headers.c>
Header unset Access-Control-Allow-Origin
Header unset Access-Control-Allow-Methods
Header unset Access-Control-Allow-Headers
Header unset Access-Control-Allow-Credentials
Header unset Access-Control-Expose-Headers
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods
"GET,POST,OPTIONS,PROPFIND,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK"
Header always set Access-Control-Allow-Headers
"User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,X-client,X-Requested-With"
Header always set Access-Control-Allow-Credentials true
Header always set Access-Control-Expose-Headers "Etag"
RewriteCond %{HTTP:Access-Control-Request-Method} !^$
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</IfModule>
Is there something to be customized ?
Julien
On Wed, July 10, 2013 15:39, Ján Máté wrote:
Your apache configuration is wrong - you need to
add CORS headers to your
server response - see misc/config_davical.txt
JM
On Jul 10, 2013, at 3:08 PM, "Julien Métairie" <ruliane(a)ruliane.net>
wrote:
Hi everybody,
I am trying to use CalDavZap with crossdomain.
My DaviCAL installation is located at http://davical.my.domain/.
My CalDavZap installation is located at
http://appart.my.domain/caldavzap/.
I configured my Apache vhost and set the following in config.js :
var globalNetworkCheckSettings={
href: location.protocol+'//davical.my.domain/caldav.php/',
hrefLabel: null,
crossDomain: true,
additionalResources: [],
forceReadOnly: null,
withCredentials: false,
showHeader: true,
settingsAccount: true,
checkContentType: true,
syncInterval: 60000,
timeOut: 30000,
lockTimeOut: 10000,
delegation: false,
ignoreAlarms: false,
backgroundCalendars: []
}
When I visit http://appart.my.domain/caldavzap/ I am prompted to enter
credentials (in an HTML form). When I enter credentials, the following
lines appear in the console (using Firefox 22.0) :
OPTIONS http://davical.my.domain/caldav.php/ [HTTP/1.1 401 Unauthorized
160ms]
Error: [netCheckAndCreateConfiguration:
'http://davical.my.domain/caldav.php/'] code: '404'
Any idea ?
Julien
2:46 p.m.
Thanks for your answer Ján.
Your explanation make me think that the problem comes from the "401
Unauthorized" answer, thought it is a normal behavior since I need to
authenticate against DAViCal. My browser should try to authenticate with
the user/password entered I entered, which is not the case.
Julien
On Wed, July 10, 2013 16:07, Ján Máté wrote:
No you do not need customization. If the OPTIONS
request fails then the
"RewriteRule ^(.*)$ $1 [R=200,L]" is not processed.
RewriteCond %{HTTP:Access-Control-Request-Method} !^$
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
says that the server MUST reply with 200 code (success) if any OPTIONS
request is performed with "Access-Control-Request-Method" header set (and
this is set by your browser if it performs a cross domain query = this is
the "preflight request" in CORS).
JM
On Jul 10, 2013, at 3:59 PM, "Julien Métairie" <ruliane(a)ruliane.net>
wrote:
Hi Ján,
I forgot to mention this part of the setup : I activated mod_headers and
mod_rewrite and then added the following to my default vhost (copy/paste
from config_davical.txt) :
RewriteEngine On
<IfModule mod_headers.c>
Header unset Access-Control-Allow-Origin
Header unset Access-Control-Allow-Methods
Header unset Access-Control-Allow-Headers
Header unset Access-Control-Allow-Credentials
Header unset Access-Control-Expose-Headers
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods
"GET,POST,OPTIONS,PROPFIND,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK"
Header always set Access-Control-Allow-Headers
"User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,X-client,X-Requested-With"
Header always set Access-Control-Allow-Credentials true
Header always set Access-Control-Expose-Headers "Etag"
RewriteCond %{HTTP:Access-Control-Request-Method} !^$
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</IfModule>
Is there something to be customized ?
Julien
On Wed, July 10, 2013 15:39, Ján Máté wrote:
Your apache configuration is wrong - you need to
add CORS headers to
your
server response - see misc/config_davical.txt
JM
On Jul 10, 2013, at 3:08 PM, "Julien Métairie" <ruliane(a)ruliane.net>
wrote:
Hi everybody,
I am trying to use CalDavZap with crossdomain.
My DaviCAL installation is located at http://davical.my.domain/.
My CalDavZap installation is located at
http://appart.my.domain/caldavzap/.
I configured my Apache vhost and set the following in config.js :
var globalNetworkCheckSettings={
href: location.protocol+'//davical.my.domain/caldav.php/',
hrefLabel: null,
crossDomain: true,
additionalResources: [],
forceReadOnly: null,
withCredentials: false,
showHeader: true,
settingsAccount: true,
checkContentType: true,
syncInterval: 60000,
timeOut: 30000,
lockTimeOut: 10000,
delegation: false,
ignoreAlarms: false,
backgroundCalendars: []
}
When I visit http://appart.my.domain/caldavzap/ I am prompted to enter
credentials (in an HTML form). When I enter credentials, the following
lines appear in the console (using Firefox 22.0) :
OPTIONS http://davical.my.domain/caldav.php/ [HTTP/1.1 401
Unauthorized
160ms]
Error: [netCheckAndCreateConfiguration:
'http://davical.my.domain/caldav.php/'] code: '404'
Any idea ?
Julien
3 p.m.
No,
the OPTIONS preflight request MUST be performed WITHOUT authentication
(see http://www.w3.org/TR/cors/) and:
RewriteCond %{HTTP:Access-Control-Request-Method} !^$
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
prevents DAViCal to check the username/password because [R=200,L] says:
return 200 and STOP processing the request.
So the browser will get ONLY the CORS headers (set before the RewriteRule line) and 200
(success).
This preflight request is NOT processed by DAViCal!
JM
On Jul 10, 2013, at 4:46 PM, "Julien Métairie" <ruliane(a)ruliane.net>
wrote:
Thanks for your answer Ján.
Your explanation make me think that the problem comes from the "401
Unauthorized" answer, thought it is a normal behavior since I need to
authenticate against DAViCal. My browser should try to authenticate with
the user/password entered I entered, which is not the case.
Julien
4:30 p.m.
I eventually understood my mistake : I configured my *default* vhost
with those lines instead of my DAViCal vhost, thus cross-domain requests
could not work.
I can now try using TLS.
Thank you for your help (and for your great work !)
Julien
-------- Message original --------
Sujet: Re: [Inf-IT DAVcl] 404 error when authenticating (with cross-domain)
De : Ján Máté <jan.mate(a)inf-it.com>
Pour : davclients(a)inf-it.com
Date : 10/07/2013 17:00
No,
the OPTIONS preflight request MUST be performed WITHOUT authentication
(see http://www.w3.org/TR/cors/) and:
RewriteCond %{HTTP:Access-Control-Request-Method} !^$
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
prevents DAViCal to check the username/password because [R=200,L] says:
return 200 and STOP processing the request.
So the browser will get ONLY the CORS headers (set before the RewriteRule line) and 200
(success).
This preflight request is NOT processed by DAViCal!
JM
On Jul 10, 2013, at 4:46 PM, "Julien Métairie" <ruliane(a)ruliane.net>
wrote:
Thanks for your answer Ján.
Your explanation make me think that the problem comes from the "401
Unauthorized" answer, thought it is a normal behavior since I need to
authenticate against DAViCal. My browser should try to authenticate with
the user/password entered I entered, which is not the case.
Julien
3727
days inactive
3727
days old
6 comments
3 participants
participants (3)
-
"Julien Métairie" -
Julien Métairie
-
Ján Máté