Username and password doesn't work with Synology NAS

[catap]

I'm using version 3.0.0 and when I've tried to connect to WebDAV on my Synology I can't because it never sent HTTP Auth heraers.

Example of traffic:

2a02:8106:20:5f02:f8a6:2e81:ae0b:1e9e.54187-2a02:8106:20:5f02:211:32ff:fede:ad71.05005: OPTIONS /music/ HTTP/1.1
Host: nas.korins.ky:5005
Connection: keep-alive
Accept: */*
Access-Control-Request-Method: PROPFIND
Access-Control-Request-Headers: authorization,depth
Origin: http://127.0.0.1:44999
User-Agent: Chrome
Sec-Fetch-Mode: cors
Referer: http://127.0.0.1:44999/
Accept-Encoding: gzip, deflate
Accept-Language: en-GB

2a02:8106:20:5f02:211:32ff:fede:ad71.05005-2a02:8106:20:5f02:f8a6:2e81:ae0b:1e9e.54187: HTTP/1.1 401 Unauthorized
Date: Wed, 20 Oct 2021 23:41:33 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: *
Access-Control-Expose-Headers: *
WWW-Authenticate: Basic realm="SYNO_WebDAV Storage"
Content-Length: 381
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

[icidasset]

Hi 👋

The OPTIONS preflight request in a browser never sends the Authorization header and other user credentials (by design). So the Synology WebDAV is not properly configured, it shouldn't require authorization for the options request.

More info: https://stackoverflow.com/a/40723041

[catap]

@icidasset Synology WebDAV is apache2.4 I guess. It is quite popular WebDAV server.

Maybe you may suggest how it should be configured?

[icidasset]

Sorry, I shouldn't say configured, poor choice of words. I meant that the Synology WebDAV plugin isn't properly programmed, (the developers of) the plugin shouldn't require authorization for the OPTIONS request.

Sadly lots of WebDAV servers aren't properly implemented according to the WebDAV specification. That's why I have the warning when you create a new source in Diffuse:

I'm guessing that plugin isn't open-source?

[catap]

@icidasset this "plugin" is one of the most used in the world web server: apache.

I guess add docs how to use it for diffuse is quite usefull.

[icidasset]

Well, Apache isn't the plugin, that's the HTTP server underneath. The Synology WebDAV server/plugin still has to configure Apache to serve the WebDAV responses. So when that OPTIONS request comes in, the WebDAV server from Synology decides it's an invalid request, not Apache.

Anyhow, there's not much I can document, the WebDAV server just has to be implemented correctly according to the WebDAV and CORS specifications, which is not the case here.

[catap]

@icidasset I guess you may add a way to configure apache which is much more popular when some another WebDAV servers :)

[catap]

@icidasset I can write short instruction how to configure webdav inside apache with example of Synology. But it has one negative side effect: each upgrade of webdav all changes will be rejected :(

[icidasset]

@catap That'd be great, I have zero experience with this kind of setup.

[catap]

@icidasset I totally forgot about this one. As I said before => each upgrade brokes things :( => I've gave up this idea.