From 965bf19065c415c2020415e59302a9c0a73533c7 Mon Sep 17 00:00:00 2001 From: Nick Craig-Wood Date: Sun, 25 Jun 2023 14:58:50 +0100 Subject: [PATCH] webdav: make --webdav-auth-redirect to fix 401 unauthorized on redirect Before this change, if the server returned a 302 redirect message when opening a file rclone would do the redirect but drop the Authorization: header. This is a sensible thing to do for security reasons but breaks some setups. This patch adds the --webdav-auth-redirect flag which makes it preserve the auth just for this kind of request. See: https://forum.rclone.org/t/webdav-401-unauthorized-when-server-redirects-to-another-domain/39292 --- backend/webdav/webdav.go | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/backend/webdav/webdav.go b/backend/webdav/webdav.go index f3e2ee905..b8bd670c0 100644 --- a/backend/webdav/webdav.go +++ b/backend/webdav/webdav.go @@ -161,7 +161,24 @@ Set to 0 to disable chunked uploading. Default: false, }, fshttp.UnixSocketConfig, - }, + { + Name: "auth_redirect", + Help: `Preserve authentication on redirect. + +If the server redirects rclone to a new domain when it is trying to +read a file then normally rclone will drop the Authorization: header +from the request. + +This is standard security practice to avoid sending your credentials +to an unknown webserver. + +However this is desirable in some circumstances. If you are getting +an error like "401 Unauthorized" when rclone is attempting to read +files from the webdav server then you can try this option. +`, + Advanced: true, + Default: false, + }}, }) } @@ -180,6 +197,7 @@ type Options struct { ExcludeShares bool `config:"owncloud_exclude_shares"` ExcludeMounts bool `config:"owncloud_exclude_mounts"` UnixSocket string `config:"unix_socket"` + AuthRedirect bool `config:"auth_redirect"` } // Fs represents a remote webdav @@ -1456,6 +1474,7 @@ func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.Read ExtraHeaders: map[string]string{ "Depth": "0", }, + AuthRedirect: o.fs.opt.AuthRedirect, // allow redirects to preserve Auth } err = o.fs.pacer.Call(func() (bool, error) { resp, err = o.fs.srv.Call(ctx, &opts)