Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.0.0RC8

Request #5363 401 in response to OPTIONS request
Submitted: 2005-09-12 04:12 UTC Modified: 2008-05-08 17:24 UTC
From: pear dot php dot net at chsc dot dk Assigned:
Status: Feedback Package: HTTP_WebDAV_Server
PHP Version: 5.0.4 OS: Linux
Roadmaps: 1.2    
Subscription  


 [2005-09-12 04:12 UTC] pear dot php dot net at chsc dot dk
Description: ------------ If the WebDAV server sends a 401 Authorization required response to an OPTIONS request from MS MiniRedir (Microsoft-WebDAV-MiniRedir/5.1.2600), the client gives up and hands over the connection the other client in Win XP, (Microsoft Data Access Internet Publishing Provider Cache Manager). Using MiniRedir is usually preferred over the other client. An OPTIONS request doesn't reveal much information about the system, so I don't think it would be a big problem if OPTIONS request didn't ask for authorization. The behaviour can be changed achieved by changing the line if (!$this->_check_auth()) { in ServeRequest() to something like if ($_SERVER['REQUEST_METHOD'] != 'OPTIONS' && !$this->_check_auth()) {

Comments

 [2005-09-12 07:55 UTC] pear dot php dot net at chsc dot dk
Summary changed (my browser's auto-fill function filled out the field)
 [2006-03-01 10:35 UTC] hholzgra
For now i have disabled auth checking for the webdav root directory only (code is in CVS) so that OPTION can't be used as a tool for path guessing without authentication does that already fix your problem?
 [2009-06-03 12:45 UTC] radu (Radu Galesanu)
Hello, I encountered a problem today with Dreamweaver CS3, related to this bug. Apparently, DW issues an OPTIONS request and then a PROPFIND request. If the OPTIONS request doesn't return a 401 response and PROPFIND does, DW aborts the entire communication.<br> <br> The issue is fixed in Dreamweaver CS4, however I suggest you replace the fix in Server.php with a test specific for the MiniRedir client:<br> <br> if ( ( !((stristr($_SERVER['USER_AGENT'], 'Microsoft-WebDAV-MiniRedir') && $this->_SERVER['REQUEST_METHOD'] == 'OPTIONS') && ($this->path == "/")))<br> && (!$this->_check_auth())) {<br> ...<br> }<br> <br> The fix worked for me on all tested clients (I used the built in WebDAV clients in XP, Vista and MacOS, as well as Dreamweaver and BitKinex).