diff options
author | NDev8 <ndev8m@gmail.com> | 2018-09-20 17:47:08 +0300 |
---|---|---|
committer | NDev8 <ndev8m@gmail.com> | 2018-09-20 17:47:08 +0300 |
commit | 6ad8835702a03b3a85525928590ff123fe80d32d (patch) | |
tree | 1943706f4db6b89e29f6b092f4651c63049eab46 | |
parent | 4a3a3f06ee62baffc331cb4153b3587dd7e7db0e (diff) |
Fixed WebDAV authentication bug and send credentials in post
Fixes the WebDAV authentication bug which resulted in an “503 Service Unavailable” error and improved the security by sending the credentials in the header instead of the url.
-rw-r--r-- | src/components/nsNextcloud.js | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/src/components/nsNextcloud.js b/src/components/nsNextcloud.js index c74d6eb..1e52a3c 100644 --- a/src/components/nsNextcloud.js +++ b/src/components/nsNextcloud.js @@ -642,11 +642,14 @@ Nextcloud.prototype = { '</prop>' + '</propfind>'; - let req = new XMLHttpRequest(Ci.nsIXMLHttpRequest); + let req = new XMLHttpRequest(Object.assign({mozAnon: true}, Ci.nsIXMLHttpRequest)); req.open("PROPFIND", this._fullUrl + kWebDavPath + - ("/" + this._storageFolder + "/").replace(/\/+/g, '/'), true, this._userName, - this._password); + ("/" + this._storageFolder + "/").replace(/\/+/g, '/'), true); + + req.setRequestHeader("Authorization", + "Basic " + btoa(this._userName + ':' + this._password)); + req.onerror = function () { this.log.info("Failed to check if folder exists"); callback(false); @@ -677,11 +680,13 @@ Nextcloud.prototype = { */ _createFolder: function createFolder(callback) { if (this._storageFolder !== '/') { - let req = new XMLHttpRequest(Ci.nsIXMLHttpRequest); + let req = new XMLHttpRequest(Object.assign({mozAnon: true}, Ci.nsIXMLHttpRequest)); req.open("MKCOL", this._fullUrl + kWebDavPath + - ("/" + this._storageFolder + "/").replace(/\/+/g, '/'), true, this._userName, - this._password); + ("/" + this._storageFolder + "/").replace(/\/+/g, '/'), true); + + req.setRequestHeader("Authorization", + "Basic " + btoa(this._userName + ':' + this._password)); req.onload = function () { if (req.status === 201) { @@ -780,9 +785,6 @@ NextcloudFileUploader.prototype = { bufStream = bufStream.QueryInterface(Ci.nsIInputStream); let contentLength = fstream.available(); - let req = new XMLHttpRequest(Ci.nsIXMLHttpRequest); - - let password = this.nextcloud.getPassword(this.nextcloud._userName, false); if (password === "") { @@ -790,8 +792,12 @@ NextcloudFileUploader.prototype = { return; } + let req = new XMLHttpRequest(Object.assign({mozAnon: true}, Ci.nsIXMLHttpRequest)); - req.open("PUT", url, true, this.nextcloud._userName, password); + req.open("PUT", url, true); + + req.setRequestHeader("Authorization", + "Basic " + btoa(this.nextcloud._userName + ':' + password)); req.onerror = function () { this.log.error("Could not upload file"); |