WebDAV and CORS

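I'm seeing some strange behavior on my web server. I'm trying to get KeeWeb to accept files from a WebDAV share located on a different server. If I want to add a WebDAV file entered in the following form: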

https://FQDN:8443/webdav/file.kdbx

I see the following headers (FF developer tools, Headers -> Response headers):

Access-Control-Allow-Origin:"*"
Access-Control-Allow-Methods:"GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK"
Access-Control-Allow-Headers:"origin, content-type, cache-control, accept, authorization, if-match, destination, overwrite"
Access-Control-Allow-Credentials:"true"

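However, in the Network tab I can see a 401: Request method: OPTIONS, Status code: 401 Unauthorized

It seems the CORS headers are added, but the rewrite is not working. My Apache config: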

<Directory /var/www/html/webdav>

Header always set Access-Control-Allow-Origin *
Header always set Access-Control-Allow-Headers "origin, content-type, cache-control, accept, authorization, if-match, destination, overwrite"
Header always set Access-Control-Expose-Headers "ETag"
Header always set Access-Control-Allow-Methods "GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK"
Header always set Access-Control-Allow-Credentials "true"

RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]

        DAV On
        AuthType Basic
        AuthName "Authentication Required"
        AuthUserFile /etc/httpd/.htpasswd
        Require valid-user
</Directory>

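Am I missing something, or does Rewrite not work on Apache/2.4.6 (CentOS)? I really don't know how to debug the rewrite. Is there any way to trace these things?

Answer 1

The OPTIONS method must not require authorization, so place it outside the directory that requires authentication, like this: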

RewriteEngine on
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ blank.html [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]

<Directory "/path/to/your/directory">
  AuthType "Basic"
  AuthName "Password Manager"
  AuthBasicProvider file
  AuthUserFile "/your/htpasswd.file"
  Require user someuser

  DAV On
  Options Indexes
  Header always set Access-Control-Allow-Origin "*"
  Header always set Access-Control-Allow-Headers "origin, content-type, cache-control, accept, authorization, if-match, destination, overwrite"
  Header always set Access-Control-Expose-Headers "ETag"
  Header always set Access-Control-Allow-Methods "GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK"
  Header always set Access-Control-Allow-Credentials "true"
</Directory>
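
Added example, not part of the original question or answers: a Python check of a preflight response against the rules a browser applies, fed the response headers shown in the question. The function names and the origin `https://keeweb.example` are assumptions.

```python
SAFELISTED_METHODS = {"GET", "HEAD", "POST"}  # never need to be listed

def _tokens(value):
    return {t.strip().lower() for t in (value or "").split(",") if t.strip()}

def check_preflight(status, headers, origin, method, request_headers=(), credentialed=False):
    """Return the reasons a browser would reject this preflight response."""
    h = {k.lower(): v for k, v in headers.items()}
    problems = []
    # The preflight carries no credentials, so the server must answer it with 2xx.
    if not 200 <= status <= 299:
        problems.append(f"status {status}: preflight needs a 2xx answer")
    allow_origin = h.get("access-control-allow-origin")
    if allow_origin is None:
        problems.append("Access-Control-Allow-Origin missing")
    elif allow_origin == "*" and credentialed:
        problems.append("wildcard origin rejected in credentialed mode")
    elif allow_origin not in ("*", origin):
        problems.append(f"origin {origin} not allowed")
    if credentialed and h.get("access-control-allow-credentials") != "true":
        problems.append("Access-Control-Allow-Credentials is not 'true'")
    methods = _tokens(h.get("access-control-allow-methods"))
    any_method = "*" in methods and not credentialed
    if not (method.upper() in SAFELISTED_METHODS or method.lower() in methods or any_method):
        problems.append(f"method {method} not allowed")
    allowed = _tokens(h.get("access-control-allow-headers"))
    any_header = "*" in allowed and not credentialed
    for name in request_headers:
        # The wildcard never covers Authorization; it must be listed by name.
        if name.lower() not in allowed and not (any_header and name.lower() != "authorization"):
            problems.append(f"request header {name} not allowed")
    return problems

# Constructed input: the response headers shown in the question.
PAGE_HEADERS = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK",
    "Access-Control-Allow-Headers": "origin, content-type, cache-control, accept, authorization, if-match, destination, overwrite",
    "Access-Control-Allow-Credentials": "true",
}
ARGS = (PAGE_HEADERS, "https://keeweb.example", "PUT", ["authorization", "if-match"])  # assumed origin

def demo():
    return {"question_401": check_preflight(401, *ARGS),
            "after_fix_200": check_preflight(200, *ARGS),
            "credentialed_200": check_preflight(200, *ARGS, credentialed=True)}
if __name__ == "__main__":
    for case, problems in demo().items():
        print(case, "->", problems or "accepted")
```

The same headers pass once the OPTIONS request returns 200, and fail again if the client sends the request in credentialed mode, because a wildcard origin is not accepted there.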

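Answer 2

I have exactly the same problem. I have been trying to solve it for months and finally gave up. Server version: Apache/2.4.10 (Raspbian). Besides the CORS headers from KeeWeb, I also tried this approach (https://github.com/keeweb/keeweb/wiki/WebDAV-Config):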

    Alias /KeePass /var/www/KeePass

    <Directory /var/www/KeePass>
        DAV On
        AuthType Digest
        AuthName "KeePass"
        AuthUserFile /var/www/passwd.dav
        <LimitExcept OPTIONS>
        Require valid-user
        </LimitExcept>
    </Directory>