Closed mikeconley closed 9 years ago
So this patch is one approach, or perhaps if you want this, you'd prefer we never get to the authenticate methods of an auth plugin if the method is OPTIONS?
Hey mikeconley! <3 to see that this little project might positively contribute to TB!
You approach looks OK to me, but I think that you can implement this a bit easier by changing https://github.com/mikedeboer/jsDAV/blob/master/lib/DAV/plugins/auth.js#L61 to be
if (!this.authBackend || this.handler.httpRequest.method == "OPTIONS")
return callback();
...to disable auth for OPTIONS requests at the root.
Another thing you can do is disable HTTP auth completely by
authBackend
at https://github.com/mikedeboer/jsDAV/blob/master/examples/addressbookserver.js#L79)jsDAV_Auth_Plugin
from the fixed list of plugins at https://github.com/mikedeboer/jsDAV/blob/master/examples/addressbookserver.js#L81.Have fun!
@mikeconley did my comment above help you in any way?
Hey mikedeboer! :D Might surprise you to see me fiddling with this, but in my spare time, I'm hacking on a potential Thunderbird address book rework. Still very vapour-y, but I thought I might use jsDAV as a CardDAV test-server. Ran into this bug (at least, I think it's a bug), and thought you might want the patch.
CORS requires a pre-flight OPTIONS request to be sent to the server in order for the client to know what methods, origins, headers, etc. are allowed. This pre-flight request should not request authentication.
See http://stackoverflow.com/questions/15734031/why-does-the-preflight-options-request-of-an-authenticated-cors-request-work-in