Click on some contact detail (like phone number) to edit it
Change the value
"Exit" the contact detail field editing by clicking elsewhere
This will trigger a HTTP PUT request into /remote.php/dav/addressbooks/users/<username>/contacts/<some-uuid>.vcf that has Content-Type: application/xml and has the contact vCard (which of course isn't XML) in it's body.
Fix
This PR disables 200002 with PUT requests into addressbooks.
Issue
Modifying contacts triggers an XML parsing error (rule 200002 in modsecurity.conf) which can be whitelisted in REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf.
Background
Reproduction
This will trigger a HTTP PUT request into
/remote.php/dav/addressbooks/users/<username>/contacts/<some-uuid>.vcf
that hasContent-Type: application/xml
and has the contact vCard (which of course isn't XML) in it's body.Fix
This PR disables 200002 with PUT requests into
addressbooks
.