diff --git a/lib/redmine_dmsf/webdav/controller.rb b/lib/redmine_dmsf/webdav/controller.rb
index 1fc1770c..2ba4a3e3 100644
--- a/lib/redmine_dmsf/webdav/controller.rb
+++ b/lib/redmine_dmsf/webdav/controller.rb
@@ -33,7 +33,7 @@ module RedmineDmsf
           # Return NotFound if resource does not exist and the request is not anonymous.
           NotFound
         else
-          if request.user_agent.downcase.include?('microsoft office') && User.current && User.current.anonymous?
+          if !request.user_agent.nil? && request.user_agent.downcase.include?('microsoft office') && User.current && User.current.anonymous?
             # Anonymous request from MsOffice, respond 405.
             # If responding with 401 then MsOffice will fail.
             # If responding with 200 then MsOffice will think that anonymous access is ok for everything.
@@ -48,7 +48,7 @@ module RedmineDmsf
       # Return response to HEAD
       def head
         # exist? returns false if user is anonymous for ProjectResource and DmsfResource, but not for IndexResource.
-        unless(resource.exist? || (request.user_agent.downcase.include?('microsoft office') && User.current && User.current.anonymous?))
+        unless(resource.exist? || (!request.user_agent.nil? && request.user_agent.downcase.include?('microsoft office') && User.current && User.current.anonymous?))
           # Return NotFound if resource does not exist and the request is not from an anonymous MsOffice product.
           NotFound
         else
diff --git a/lib/redmine_dmsf/webdav/resource_proxy.rb b/lib/redmine_dmsf/webdav/resource_proxy.rb
index 864d57f6..0e0c1260 100644
--- a/lib/redmine_dmsf/webdav/resource_proxy.rb
+++ b/lib/redmine_dmsf/webdav/resource_proxy.rb
@@ -54,9 +54,9 @@ module RedmineDmsf
         return true if @request.request_method.downcase == 'options' && (path == '/' || path.empty?)
 
         # Allow anonymous OPTIONS requests from MsOffice
-        return true if @request.request_method.downcase == 'options' && @request.user_agent.downcase.include?('microsoft office')
+        return true if @request.request_method.downcase == 'options' && !@request.user_agent.nil? && @request.user_agent.downcase.include?('microsoft office')
         # Allow anonymous HEAD requests from MsOffice
-        return true if @request.request_method.downcase == 'head' && request.user_agent.downcase.include?('microsoft office')
+        return true if @request.request_method.downcase == 'head' && !@request.user_agent.nil? && request.user_agent.downcase.include?('microsoft office')
 
         return false unless username && password
         User.current = User.try_to_login(username, password)