WEBDAV + NGINX - problem with MOVE when Basic Auth is used [Solved]


#1

Hi everyone,

I’m trying to set-up a pretty much secure WEBDAV server for my OmniFocus clients, I’ve created a dedicated NGINX WEBDAV server for this purpose but I’m unable to protect it using basic auth.

Why? Because OmniFocus is sending request like this when syncing:

MOVE /OmniFocus.ofocus/20181104232716=XXXXXXXXX.client-write-in-progress-XXXXXXXXX HTTP/1.1
Host: sync.example.com
Destination: https://testlogin:passs@sync.example.com/OmniFocus.ofocus/20181104232716%3DXXXXXXXXX.client
Overwrite: T
Connection: close
Accept: */*
X-Caused-By: XMLSyncTriggerManualSync
User-Agent: OmniFocus-Mac/120.6.0.320379/v3.1.2 Darwin/10.14.1 (MacBookPro11%2C1) (mbpro.local)
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Content-Length: 0

And the problem is because the OmniFocus client is sending URI in “Destination” header with the username/password and NGINX is unable to find the path like username:pass@hostname/path (with the username/password).

Request should look like this:

Destination: https://sync.example.com/OmniFocus.ofocus/20181104232716%3DXXXXXXXXX.client

the testlogin:passs were removed.

Also I have found this thread on the NGINX maillist archive: http://mailman.nginx.org/pipermail/nginx-devel/2013-October/004327.html - it’s from 2013… so I guess NGINX dev’s doesn’t really care about this issue.

Hopefully OmniFocus developers will be more eager to help :)

Cheers,
maciek


#2

Alright… I have to response to myself :)

Thanks to @kcase now I know that you don’t have to provide the url like this: https://testlogin:passs@sync.example.com

It’s better to provide just https://sync.example.com/ and then, when the OmniFocus will receive the “403 Unauthorized” it will ask you for the credentials. After that everything will work like a charm!

Best,
maciek