[Libreoffice-bugs] [Bug 141164] New: Since version LibreOffice 6.4, Webdav cookie authentication is not possible.

bugzilla-daemon at bugs.documentfoundation.org bugzilla-daemon at bugs.documentfoundation.org
Mon Mar 22 09:31:51 UTC 2021 

https://bugs.documentfoundation.org/show_bug.cgi?id=141164

            Bug ID: 141164
           Summary: Since version LibreOffice 6.4, Webdav cookie
                    authentication is not possible.
           Product: LibreOffice
           Version: 6.4.0.1 rc
          Hardware: All
                OS: Windows (All)
            Status: UNCONFIRMED
          Severity: normal
          Priority: medium
         Component: Writer
          Assignee: libreoffice-bugs at lists.freedesktop.org
          Reporter: Demarthe at neoledge.com

Description:
Edit files from our Websites with "IT Hit Webdav Ajax Library"
(https://www.webdavsystem.com/ajax/) is not possible with cookie
authentication.

Steps to Reproduce:
1. On windows 10, mount a shared network on webdav url
https://myServerDomain.com/DAV
2. Open file with this kind of url
\\myServerDomain.com at SSL\DavWWWRoot\DAV\ioC8Whe4fk-2QhGllJokKA\sample.odt
3. LibreOffice should open the file with no webdav protocol (or manage cookies
in webdav http calls.)

Actual Results:
Windows Webclient is no more used.
LibreOffice opens our network file with the webdav protocol.
Http Cookies are not kept and sent back during the exchanges with our
application.

Expected Results:
Cookies must be managed by LibreOffice during the http calls and sent back.

or \\server at SSL\DavWWWRoot\ should not be managed to keep Windows access to the
file (without lock and full webdav)


Reproducible: Always


User Profile Reset: No



Additional Info:
Our application is using IT Hit Webdav Ajax Library to edit LibreOffice files
(https://www.webdavsystem.com/ajax/).
Sample url : https://myServerDomain.com/DAV/ioC8Whe4fk-2QhGllJokKA/sample.odt
This tool opens a windows folder on the url like https://myServerDomain.com/DAV
and then we can open our files like a file in shared network.
\\myServerDomain.com at SSL\DavWWWRoot\DAV\ioC8Whe4fk-2QhGllJokKA\sample.odt

This uses the Windows service "WebClient" to host all the web calls to open the
remote file.
The user-agent seen by our application is "Microsoft-WebDAV-MiniRedir".

Since the first version 6.4 (we tested on the rc and not the 6.4 alpha),
Libreoffice detects that the shared network is a webdav share and starts a
webdav communication with our application.
Very nice.
We see a user-Agent "LibreOffice" in the http request but the authentication
cookie is lost during the calls.
Without the cookie, user is disconnected and it's a HTTP 401. User sees a
prompt for a basic authentication by login/password.

We used a single-use token in the url to authenticate our user on a file. 
This is the best trick to manage openId session on our application.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice-bugs/attachments/20210322/766863e3/attachment.htm>

More information about the Libreoffice-bugs mailing list