I’m trying to set-up a pretty much secure WEBDAV server for my OmniFocus clients, I’ve created a dedicated NGINX WEBDAV server for this purpose but I’m unable to protect it using basic auth.
Why? Because OmniFocus is sending request like this when syncing:
MOVE /OmniFocus.ofocus/20181104232716=XXXXXXXXX.client-write-in-progress-XXXXXXXXX HTTP/1.1 Host: sync.example.com Destination: https://testlogin:firstname.lastname@example.org/OmniFocus.ofocus/20181104232716%3DXXXXXXXXX.client Overwrite: T Connection: close Accept: */* X-Caused-By: XMLSyncTriggerManualSync User-Agent: OmniFocus-Mac/220.127.116.110379/v3.1.2 Darwin/10.14.1 (MacBookPro11%2C1) (mbpro.local) Accept-Language: en-us Accept-Encoding: gzip, deflate Content-Length: 0
And the problem is because the OmniFocus client is sending URI in “Destination” header with the username/password and NGINX is unable to find the path like
username:pass@hostname/path (with the username/password).
Request should look like this:
testlogin:passs were removed.
Also I have found this thread on the NGINX maillist archive: http://mailman.nginx.org/pipermail/nginx-devel/2013-October/004327.html - it’s from 2013… so I guess NGINX dev’s doesn’t really care about this issue.
Hopefully OmniFocus developers will be more eager to help :)