mikeconley
commented
10 years ago So this patch is one approach, or perhaps if you want this, you'd prefer we never get to the authenticate methods of an auth plugin if the method is OPTIONS?
Closed mikeconley closed 9 years ago
mikeconley
commented
10 years ago So this patch is one approach, or perhaps if you want this, you'd prefer we never get to the authenticate methods of an auth plugin if the method is OPTIONS?
mikedeboer
commented
10 years ago Hey mikeconley! <3 to see that this little project might positively contribute to TB!
You approach looks OK to me, but I think that you can implement this a bit easier by changing https://github.com/mikedeboer/jsDAV/blob/master/lib/DAV/plugins/auth.js#L61 to be
if (!this.authBackend || this.handler.httpRequest.method == "OPTIONS")
return callback();...to disable auth for OPTIONS requests at the root.
Another thing you can do is disable HTTP auth completely by
authBackend at https://github.com/mikedeboer/jsDAV/blob/master/examples/addressbookserver.js#L79)jsDAV_Auth_Plugin from the fixed list of plugins at https://github.com/mikedeboer/jsDAV/blob/master/examples/addressbookserver.js#L81.Have fun!
mikedeboer
commented
10 years ago @mikeconley did my comment above help you in any way?
Hey mikedeboer! :D Might surprise you to see me fiddling with this, but in my spare time, I'm hacking on a potential Thunderbird address book rework. Still very vapour-y, but I thought I might use jsDAV as a CardDAV test-server. Ran into this bug (at least, I think it's a bug), and thought you might want the patch.
CORS requires a pre-flight OPTIONS request to be sent to the server in order for the client to know what methods, origins, headers, etc. are allowed. This pre-flight request should not request authentication.
See http://stackoverflow.com/questions/15734031/why-does-the-preflight-options-request-of-an-authenticated-cors-request-work-in