Anonymous OPTIONS and HEAD requests are only allowed from Microsoft Office clients.

COLA@Redminetest 2016-11-08 14:45:57 +01:00
parent 05b0f1b08c
commit f34c8ef4ec

@ -51,12 +51,12 @@ module RedmineDmsf
# going to fork it to ensure compliance, checking the request method in the authentication
# seems the next best step, if the request method is OPTIONS return true, controller will simply
# call the options method within, which accesses nothing, just returns headers about dav env.
#return true if @request.request_method.downcase == 'options' && (path == '/' || path.empty?)
return true if @request.request_method.downcase == 'options' && (path == '/' || path.empty?)
# Allow anonymous OPTIONS requests.
return true if @request.request_method.downcase == 'options'
# Allow anonymous HEAD requests.
return true if @request.request_method.downcase == 'head'
# Allow anonymous OPTIONS requests from MsOffice
return true if @request.request_method.downcase == 'options' && @request.user_agent.downcase.include?('microsoft office')
# Allow anonymous HEAD requests from MsOffice
return true if @request.request_method.downcase == 'head' && request.user_agent.downcase.include?('microsoft office')
return false unless username && password
User.current = User.try_to_login(username, password)
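
Review bot: The HEAD check calls `request.user_agent` while the OPTIONS check just above it uses `@request.user_agent`; use `@request` in both so the HEAD path does not depend on a `request` accessor being available in this class. Both checks also call `.downcase` directly on `user_agent`, which raises when a client sends no User-Agent header, so `@request.user_agent.to_s.downcase` would be safer. Because the User-Agent header is supplied by the client, matching on 'microsoft office' narrows which clients reach the anonymous path but does not authenticate them; the comment should say this, and the OPTIONS and HEAD handlers should still return nothing that an unauthenticated caller must not see.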