WebDAV MOVE requests contain username in Destination header
Submitted by Tom Hargreaves
Assigned to gvf..@..e.bugs
Link to original bug (#679051)
Description
soup_uri_to_string encodes authentication information in the returned string. When passed in the Destination: header of MOVE requests (presumably also COPY, although I don't think gvfs sends these) this confuses some servers.
This bug is particularly bad from a usability POV as nautilus is only able to create folders called "Untitled Folder" since the subsequent MOVE request fails.
The attached patch requests a relative URI instead, which should suffice as AFAIK gvfs never sends cross-domain MOVEs.
Some network traces: BEFORE:
MOVE /Untitled%20Folder HTTP/1.1 Host: davtest Destination: http://Administrator@davtest/g Overwrite: F Accept-Encoding: gzip, deflate User-Agent: gvfs/1.13.2 Accept-Language: en-gb, en;q=0.9, en;q=0.8 Connection: Keep-Alive Authorization: Basic QWRtaW5pc3RyYXRvcjpmb28=
HTTP/1.1 400 Bad Request Content-Type: text/html Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Mon, 25 Jun 2012 10:00:40 GMT Content-Length: 11
Bad Request
AFTER:
MOVE /Untitled%20Folder HTTP/1.1 Host: davtest Destination: /j Overwrite: F Accept-Encoding: gzip, deflate User-Agent: gvfs/1.13.2 Accept-Language: en-gb, en;q=0.9, en;q=0.8 Connection: Keep-Alive Authorization: Basic QWRtaW5pc3RyYXRvcjpmb28=
HTTP/1.1 201 Created Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Thu, 28 Jun 2012 10:47:32 GMT Content-Length: 0
Version: git master