Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Public links asking for user and password (basic auth popup) #5727

Closed
kulmann opened this issue Aug 24, 2021 · 6 comments · Fixed by owncloud/owncloud-sdk#1020 or #6530
Closed

Public links asking for user and password (basic auth popup) #5727

kulmann opened this issue Aug 24, 2021 · 6 comments · Fixed by owncloud/owncloud-sdk#1020 or #6530
Assignees
@dschmidt
Labels
Priority:p1-urgent Consider a hotfix release with only that fix Type:Bug Something isn't working

Comments

@kulmann
Copy link
Contributor

kulmann commented Aug 24, 2021
edited
Loading

Steps to reproduce

  1. Create a password protected public link
  2. Open the link

Expected behaviour

A password field to open the public shared file or folder should appear.

Actual behaviour

The site loads almost as expected, except that the browser asks for username and password. When pressing Cancel or the ESC key the prompt disappear and the regular public share password needs to be entered.

Server configuration

Operating system: Ubuntu 18.04.5 LTS

Web server: apache 2.4.48

Database: mysql 5.7.35-0ubuntu0.18.04.1

PHP version: 7.4.21

ownCloud version: 10.8

Updated from an older ownCloud or fresh install: update from 10.7

Where did you install ownCloud from: oC tar

Signing status (ownCloud 9.0 and above): signed

The content of config/config.php:

 {
        "system": {
            "updatechecker": false,
            "instanceid": "123123ocdabcd1234",
            "passwordsalt": "***REMOVED SENSITIVE VALUE***",
            "secret": "***REMOVED SENSITIVE VALUE***",
            "trusted_domains": [
                "cloud.myreallycooldomain.de"
            ],
            "datadirectory": "\/owncloudData",
            "overwrite.cli.url": "https:\/\/cloud.myreallycooldomain.de",
            "dbtype": "mysql",
            "version": "10.8.0.4",
            "dbname": "ocstraki",
            "dbhost": "localhost",
            "dbtableprefix": "oc_",
            "mysql.utf8mb4": true,
            "dbuser": "***REMOVED SENSITIVE VALUE***",
            "dbpassword": "***REMOVED SENSITIVE VALUE***",
            "logtimezone": "UTC",
            "installed": true,
            "ldapIgnoreNamingRules": false,
            "maintenance": false,
            "loglevel": 2,
            "trashbin_retention_obligation": "14,60",
            "mail_domain": "***REMOVED SENSITIVE VALUE***",
            "mail_from_address": "***REMOVED SENSITIVE VALUE***",
            "mail_smtpmode": "smtp",
            "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
            "mail_smtpport": "25",
            "mail_smtpauth": 1,
            "mail_smtpauthtype": "LOGIN",
            "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
            "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
            "mail_smtpdebug": true,
            "memcache.local": "\\OC\\Memcache\\APCu",
            "memcache.locking": "\\OC\\Memcache\\Redis",
            "redis": {
                "host": "localhost",
                "port": 6379,
                "timeout": 0
            },
            "web.baseUrl": "https:\/\/cloud.myreallycooldomain.de\/index.php\/apps\/web",
            "web.rewriteLinks": true
        }
    }

List of activated apps:

      - activity:
        - Version: 2.6.1
        - Path: /var/www/owncloud/apps/activity
      - brute_force_protection:
        - Version: 1.1.0
        - Path: /var/www/owncloud/apps/brute_force_protection
      - comments:
        - Version: 0.3.0
        - Path: /var/www/owncloud/apps/comments
      - configreport:
        - Version: 0.2.0
        - Path: /var/www/owncloud/apps/configreport
      - dav:
        - Version: 0.6.0
        - Path: /var/www/owncloud/apps/dav
      - federatedfilesharing:
        - Version: 0.5.0
        - Path: /var/www/owncloud/apps/federatedfilesharing
      - federation:
        - Version: 0.1.0
        - Path: /var/www/owncloud/apps/federation
      - files:
        - Version: 1.5.2
        - Path: /var/www/owncloud/apps/files
      - files_external:
        - Version: 0.8.0
        - Path: /var/www/owncloud/apps/files_external
      - files_mediaviewer:
        - Version: 1.0.4
        - Path: /var/www/owncloud/apps/files_mediaviewer
      - files_pdfviewer:
        - Version: 0.12.2
        - Path: /var/www/owncloud/apps/files_pdfviewer
      - files_sharing:
        - Version: 0.14.0
        - Path: /var/www/owncloud/apps/files_sharing
      - files_trashbin:
        - Version: 0.9.1
        - Path: /var/www/owncloud/apps/files_trashbin
      - files_versions:
        - Version: 1.3.0
        - Path: /var/www/owncloud/apps/files_versions
      - firstrunwizard:
        - Version: 1.2.0
        - Path: /var/www/owncloud/apps/firstrunwizard
      - gallery:
        - Version: 16.1.1
        - Path: /var/www/owncloud/apps/gallery
      - market:
        - Version: 0.6.1
        - Path: /var/www/owncloud/apps/market
      - notifications:
        - Version: 0.5.4
        - Path: /var/www/owncloud/apps/notifications
      - oauth2:
        - Version: 0.4.4
        - Path: /var/www/owncloud/apps/oauth2
      - provisioning_api:
        - Version: 0.5.0
        - Path: /var/www/owncloud/apps/provisioning_api
      - systemtags:
        - Version: 0.3.0
        - Path: /var/www/owncloud/apps/systemtags
      - updatenotification:
        - Version: 0.2.1
        - Path: /var/www/owncloud/apps/updatenotification
      - web:
        - Version: 4.1.0
        - Path: /var/www/owncloud/apps/web

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Chrome/Firefox

Operating system: Windows 10

Logs

Web server access log

77.191.y.x - - [23/Aug/2021:11:37:43 +0200] "GET /index.php/apps/web/index.html HTTP/1.1" 200 7737 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"
77.191.y.x - - [23/Aug/2021:11:37:43 +0200] "GET /index.php/apps/web/css/web.css HTTP/1.1" 200 57206 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"
77.191.y.x - - [23/Aug/2021:11:37:43 +0200] "GET /index.php/apps/web/js/require.js HTTP/1.1" 200 27485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"
77.191.y.x - - [23/Aug/2021:11:37:44 +0200] "GET /index.php/apps/web/js/web-runtime-b515b27d.js HTTP/1.1" 200 21252 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"
77.191.y.x - - [23/Aug/2021:11:37:44 +0200] "GET /index.php/apps/web/js/_chunks/encodePath-5ef8ca06.js HTTP/1.1" 200 1042 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"
77.191.y.x - - [23/Aug/2021:11:37:44 +0200] "GET /index.php/apps/web/js/_chunks/vendor-f81f7dc8.js HTTP/1.1" 200 728990 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"
77.191.y.x - - [23/Aug/2021:11:37:45 +0200] "GET /index.php/apps/web/config.json HTTP/1.1" 200 1512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"
77.191.y.x - - [23/Aug/2021:11:37:45 +0200] "GET /index.php/apps/web/js/web-app-files-6d67c5ba.js HTTP/1.1" 200 51441 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"
77.191.y.x - - [23/Aug/2021:11:37:46 +0200] "GET /index.php/apps/web/js/_chunks/resources-57c772cc.js HTTP/1.1" 200 17842 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"
77.191.y.x - - [23/Aug/2021:11:37:46 +0200] "GET /index.php/apps/web/js/_chunks/index-a80cece2.js HTTP/1.1" 200 1138 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"
77.191.y.x - - [23/Aug/2021:11:37:46 +0200] "GET /index.php/apps/web/js/_chunks/constants-28c72d8d.js HTTP/1.1" 200 6841 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"
77.191.y.x - - [23/Aug/2021:11:37:46 +0200] "GET /index.php/apps/web/js/web-app-media-viewer-3ff4dc5f.js HTTP/1.1" 200 4435 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"
77.191.y.x - - [23/Aug/2021:11:37:46 +0200] "GET /index.php/apps/web/js/web-app-draw-io-e1aba242.js HTTP/1.1" 200 2835 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"
77.191.y.x - - [23/Aug/2021:11:37:46 +0200] "GET /index.php/apps/web/themes/owncloud/assets/logo.svg HTTP/1.1" 200 10756 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"
77.191.y.x - - [23/Aug/2021:11:37:46 +0200] "GET /index.php/apps/web/themes/owncloud/assets/loginBackground.jpg HTTP/1.1" 200 89015 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"
77.191.y.x - - [23/Aug/2021:11:37:46 +0200] "PROPFIND /remote.php/dav/public-files/9JjbkipaAphsgfh HTTP/1.1" 401 1414 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"
77.191.y.x - test [23/Aug/2021:11:37:56 +0200] "PROPFIND /remote.php/dav/public-files/9JjbkipaAphsgfh HTTP/1.1" 401 6548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"

Web server error log

[Mon Aug 23 11:03:28.341555 2021] [mpm_prefork:notice] [pid 2378] AH00171: Graceful restart requested, doing restart
[Mon Aug 23 11:03:28.563153 2021] [mpm_prefork:notice] [pid 2378] AH00163: Apache/2.4.48 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal operations
[Mon Aug 23 11:03:28.563177 2021] [core:notice] [pid 2378] AH00094: Command line: '/usr/sbin/apache2'
[Mon Aug 23 11:15:02.077791 2021] [mpm_prefork:notice] [pid 2378] AH00171: Graceful restart requested, doing restart
[Mon Aug 23 11:15:02.176091 2021] [mpm_prefork:notice] [pid 2378] AH00163: Apache/2.4.48 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal operations
[Mon Aug 23 11:15:02.176110 2021] [core:notice] [pid 2378] AH00094: Command line: '/usr/sbin/apache2'

ownCloud log (data/owncloud.log)

   {"reqId":"7rKR4f2FspfgUHKof144","level":2,"time":"2021-08-23T09:12:08+00:00","remoteAddr":"77.191.y.x","user":"--","app":"core","method":"PROPFIND","url":"\/remote.php\/dav\/public-files\/9JjbkipaAphsgfh","message":"Login failed: 'fvsdfsdfsdfsd' (Remote IP: '77.191.y.x')"}
    {"reqId":"TvrIvBVA5FdlEMPlLfpz","level":2,"time":"2021-08-23T09:12:12+00:00","remoteAddr":"77.191.y.x","user":"--","app":"core","method":"PROPFIND","url":"\/remote.php\/dav\/public-files\/9JjbkipaAphsgfh","message":"Login failed: 'public' (Remote IP: '77.191.y.x')"}

Ticket origin

https://central.owncloud.org/t/public-links-asking-for-user-and-password/33666
As soon as resolved, post solution in central. Same for further questions regarding this ticket.
@kulmann kulmann added Type:Bug Something isn't working Priority:p2-high Escalation, on top of current planning, release blocker bug labels Aug 24, 2021
@pascalwengerter
Copy link
Contributor

I've come across this when developing, IIRC it was either an unauthenticated webdav request or a version clash between the web version and OC10(.07 vs .08)

@kulmann
Copy link
Contributor Author

kulmann commented Aug 31, 2021

cc @ChrisEdS

@kulmann kulmann added Priority:p1-urgent Consider a hotfix release with only that fix and removed Priority:p2-high Escalation, on top of current planning, release blocker labels Dec 3, 2021
@kulmann kulmann changed the title Public links asking for user and password Public links asking for user and password (basic auth popup) Dec 6, 2021
@dschmidt
Copy link
Member

Possibly a (partial) duplicate #6157

@dschmidt
Copy link
Member

Also #6033

@dschmidt
Copy link
Member

Can you still reproduce?
I imagine it might have been fixed with #6137 as that touched quite a bit of the routing logic and I'm reliably redirected to enter my password now

@dschmidt
Copy link
Member

dschmidt commented Mar 4, 2022
edited
Loading

I can reproduce this with oC 10 only.
The PROPFIND for the public link sets the WWW-Authenticate in oC 10, but it does not on oCIS.

oCIS

curl 'https://host.docker.internal:9200/remote.php/dav/public-files/LkvXFLCqAMKMCYS' \
  -X 'PROPFIND' \
  -H 'Connection: keep-alive' \
  -H 'Pragma: no-cache' \
  -H 'Cache-Control: no-cache' \
  -H 'sec-ch-ua: "Chromium";v="95", ";Not A Brand";v="99"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36' \
  -H 'OCS-APIREQUEST: true' \
  -H 'Content-Type: application/xml; charset=UTF-8' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'sec-ch-ua-platform: "Linux"' \
  -H 'Depth: 0' \
  -H 'Origin: https://host.docker.internal:9200' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Referer: https://host.docker.internal:9200/files/ops/resolver/public-link/LkvXFLCqAMKMCYS' \
  -H 'Accept-Language: en' \
  -H 'Cookie: oc1iruehzknj=gbgscb80k7uafglgij156adnb6; oc_sessionPassphrase=D0hfoK0DvXWTZWeA6M75lR8m24qWq2QBN5CFvJS55lXDylQ2LFhil10HX6rjMp65LFT%2FNSx3ru6hNQVUJXyqnjg093hTNX1krA%2BFNQ%2B4WxB2sHknmRzM4VHxRs5kzHjc' \
  --data-raw $'<?xml version="1.0"?>\n<d:propfind  xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns">\n  <d:prop>\n    <oc:permissions />\n    <oc:favorite />\n    <oc:fileid />\n    <oc:owner-id />\n    <oc:owner-display-name />\n    <oc:share-types />\n    <oc:privatelink />\n    <d:getcontentlength />\n    <oc:size />\n    <d:getlastmodified />\n    <d:getetag />\n    <d:getcontenttype />\n    <d:resourcetype />\n    <oc:downloadURL />\n    <oc:public-link-item-type />\n    <oc:public-link-permission />\n    <oc:public-link-expiration />\n    <oc:public-link-share-datetime />\n    <oc:public-link-share-owner />\n  </d:prop>\n</d:propfind>' \
  --compressed \
  --insecure -v
*   Trying 127.0.0.1:9200...
* Connected to host.docker.internal (127.0.0.1) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: O=Acme Corp; CN=OCIS
*  start date: Feb 18 21:51:40 2022 GMT
*  expire date: Feb 18 21:51:40 2023 GMT
*  issuer: O=Acme Corp; CN=OCIS
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
> PROPFIND /remote.php/dav/public-files/LkvXFLCqAMKMCYS HTTP/1.1
> Host: host.docker.internal:9200
> Accept-Encoding: deflate, gzip, br, zstd
> Connection: keep-alive
> Pragma: no-cache
> Cache-Control: no-cache
> sec-ch-ua: "Chromium";v="95", ";Not A Brand";v="99"
> sec-ch-ua-mobile: ?0
> User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
> OCS-APIREQUEST: true
> Content-Type: application/xml; charset=UTF-8
> Accept: application/json, text/plain, */*
> sec-ch-ua-platform: "Linux"
> Depth: 0
> Origin: https://host.docker.internal:9200
> Sec-Fetch-Site: same-origin
> Sec-Fetch-Mode: cors
> Sec-Fetch-Dest: empty
> Referer: https://host.docker.internal:9200/files/ops/resolver/public-link/LkvXFLCqAMKMCYS
> Accept-Language: en
> Cookie: oc1iruehzknj=gbgscb80k7uafglgij156adnb6; oc_sessionPassphrase=D0hfoK0DvXWTZWeA6M75lR8m24qWq2QBN5CFvJS55lXDylQ2LFhil10HX6rjMp65LFT%2FNSx3ru6hNQVUJXyqnjg093hTNX1krA%2BFNQ%2B4WxB2sHknmRzM4VHxRs5kzHjc
> Content-Length: 610
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: Location
< Content-Length: 237
< Content-Security-Policy: default-src 'none';
< Content-Type: text/xml; charset=utf-8
< Date: Fri, 04 Mar 2022 12:23:23 GMT
< Vary: Origin
< X-Content-Type-Options: nosniff
< X-Download-Options: noopen
< X-Frame-Options: SAMEORIGIN
< X-Permitted-Cross-Domain-Policies: none
< X-Robots-Tag: none
< X-Xss-Protection: 1; mode=block
< 
<?xml version="1.0" encoding="UTF-8"?>
* Connection #0 to host host.docker.internal left intact
<d:error xmlns:d="DAV" xmlns:s="http://sabredav.org/ns"><s:exception>Sabre\DAV\Exception\NotAuthenticated</s:exception><s:message>No &#39;Authorization: Basic&#39; header found</s:message></d:error>%

oC 10


curl 'http://host.docker.internal:8080/remote.php/dav/public-files/BxX3HdvovWPsqQB' \
  -X 'PROPFIND' \
  -H 'Connection: keep-alive' \
  -H 'Pragma: no-cache' \
  -H 'Cache-Control: no-cache' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'Depth: 0' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36' \
  -H 'OCS-APIREQUEST: true' \
  -H 'Content-Type: application/xml; charset=UTF-8' \
  -H 'Origin: http://host.docker.internal:8080' \
  -H 'Referer: http://host.docker.internal:8080/index.php/apps/web/index.html' \
  -H 'Accept-Language: en' \
  -H 'Cookie: oc1iruehzknj=gbgscb80k7uafglgij156adnb6; oc_sessionPassphrase=D0hfoK0DvXWTZWeA6M75lR8m24qWq2QBN5CFvJS55lXDylQ2LFhil10HX6rjMp65LFT%2FNSx3ru6hNQVUJXyqnjg093hTNX1krA%2BFNQ%2B4WxB2sHknmRzM4VHxRs5kzHjc' \
  --data-raw $'<?xml version="1.0"?>\n<d:propfind  xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns">\n  <d:prop>\n    <oc:permissions />\n    <oc:favorite />\n    <oc:fileid />\n    <oc:owner-id />\n    <oc:owner-display-name />\n    <oc:share-types />\n    <oc:privatelink />\n    <d:getcontentlength />\n    <oc:size />\n    <d:getlastmodified />\n    <d:getetag />\n    <d:getcontenttype />\n    <d:resourcetype />\n    <oc:downloadURL />\n    <oc:public-link-item-type />\n    <oc:public-link-permission />\n    <oc:public-link-expiration />\n    <oc:public-link-share-datetime />\n    <oc:public-link-share-owner />\n  </d:prop>\n</d:propfind>' \
  --compressed \
  --insecure -v
*   Trying 127.0.0.1:8080...
* Connected to host.docker.internal (127.0.0.1) port 8080 (#0)
> PROPFIND /remote.php/dav/public-files/BxX3HdvovWPsqQB HTTP/1.1
> Host: host.docker.internal:8080
> Accept-Encoding: deflate, gzip, br, zstd
> Connection: keep-alive
> Pragma: no-cache
> Cache-Control: no-cache
> Accept: application/json, text/plain, */*
> Depth: 0
> User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
> OCS-APIREQUEST: true
> Content-Type: application/xml; charset=UTF-8
> Origin: http://host.docker.internal:8080
> Referer: http://host.docker.internal:8080/index.php/apps/web/index.html
> Accept-Language: en
> Cookie: oc1iruehzknj=gbgscb80k7uafglgij156adnb6; oc_sessionPassphrase=D0hfoK0DvXWTZWeA6M75lR8m24qWq2QBN5CFvJS55lXDylQ2LFhil10HX6rjMp65LFT%2FNSx3ru6hNQVUJXyqnjg093hTNX1krA%2BFNQ%2B4WxB2sHknmRzM4VHxRs5kzHjc
> Content-Length: 610
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< Date: Fri, 04 Mar 2022 12:21:25 GMT
< Server: Apache
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 0
< X-Robots-Tag: none
< X-Frame-Options: SAMEORIGIN
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Content-Security-Policy: default-src 'none';
< WWW-Authenticate: Bearer realm="ownCloud"
< WWW-Authenticate: Basic realm="ownCloud", charset="UTF-8"
< Content-Length: 664
< Keep-Alive: timeout=5, max=100
< Connection: Keep-Alive
< Content-Type: application/xml; charset=utf-8
< 
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\NotAuthenticated</s:exception>
  <s:message>No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured</s:message>
</d:error>
* Connection #0 to host host.docker.internal left intact

@dschmidt dschmidt mentioned this issue Mar 4, 2022
Merged
@dschmidt dschmidt reopened this Mar 4, 2022
dschmidt added a commit that referenced this issue Mar 4, 2022
@dschmidt
Fix #5727: Do not show auth popup for password protected links in oC 10
9eecd91
@dschmidt dschmidt mentioned this issue Mar 4, 2022
Merged
10 tasks
dschmidt added a commit that referenced this issue Mar 4, 2022
@dschmidt
Fix #5727: Do not show auth popup for password protected links in oC 10
e36e147
dschmidt added a commit that referenced this issue Mar 4, 2022
@dschmidt
Merge pull request #6530 from owncloud/fix_5727
b9a5e21 
Fix #5727: Do not show auth popup for password protected links in oC 10
@kulmann kulmann moved this to Done in Web Support Board Jun 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dschmidt dschmidt

Labels
Priority:p1-urgent Consider a hotfix release with only that fix Type:Bug Something isn't working
Projects
No open projects
Web Support Board
Status: Done
Milestone
No milestone
3 participants
@dschmidt @kulmann @pascalwengerter