I have been using this repo (great work by the way) deployed to cloudflare and it seems to be working well enough for clients accessed through a web browser and linux. Windows seems to be an issue. I also have a client (browser based) that tries to connect by first sending an OPTIONS method. It seems that the service responds with a status 401, even though I am using the proper credentials that seem to work well using other methods such as GET and POST.
I'm not too familiar with the webdav protocol, but I do see that if the linux client connects sending the OPTIONS method, it seems to work, but the web client does not.
Using the cloudflare logs in the worker, I see that the following request coming from the web client:
"event": {
"request": {
"url": "https://MYPROPERADDRESS/FILENAME",
"method": "OPTIONS",
"headers": {
"accept": "*/*",
"accept-encoding": "gzip",
"accept-language": "en-US,en;q=0.9",
"access-control-request-headers": "authorization,cache-control",
"access-control-request-method": "HEAD",
"cf-connecting-ip": "CLIENTIP",
"cf-ipcountry": "US",
"cf-ray": "85d9bbbf5aac390a",
"cf-visitor": "{\"scheme\":\"https\"}",
"connection": "Keep-Alive",
"host": "MYPROPERADDRES",
"origin": "https://ORIGINSERVERURL/",
"referer": "https://ORIGINSERVERURL/",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "cross-site",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36",
"x-forwarded-proto": "https",
"x-real-ip": "MYREALIP"
},
Obviously the response code I get back is
"response": {
"status": 401
}
The only part I see in the index.js code that sends a response back of 401 is line 614 that checks to make sure that the Authorization is not sent Basic realm. but I don't understand what this is and what this is for:
export default {
async fetch(request: Request, env: Env, ctx: ExecutionContext): Promise<Response> {
const { bucket } = env;
if (request.headers.get('Authorization') !== `Basic ${btoa(`${env.USERNAME}:${env.PASSWORD}`)}`) {
return new Response('Unauthorized', {
status: 401,
headers: {
'WWW-Authenticate': 'Basic realm="webdav"',
},
});
}
If I compare that unsuccessful OPTIONS method call with one that is the biggest thing I can see is the lack of a "authorization" key value pair, but there is one sent in the "access-control-request-headers"
"access-control-request-headers": "authorization,cache-control",
Again, I don't understand what this is, and why this particular client is making the OPTIONS method call this way. Any help would be appreciated