Askemos Forum

WebDAV, SOAP and other protocols don't work, while the browser does, why?

22. June 2006

An anti-phishing measure, which can bite you.

That trap comes from an anti-phishing feature unrelated to WebDAV:

If any web form could point to any receiver place via OID, it would be easy to set up a form to corrupt a user's account.

Therefore activation of capabilities is slightly complicated:

  • read requests: since read requests don't incur any effect, there can't be any abuse. Hence it's safe to activate all capabilities.
  • write requests:
      • if sent along link paths: capabilities are active
      • if sent directly to some OID: capabilities are only active if the HTTP "referer" header contains the same OID

This test seems to need some refinement, but it's rather hard to define how it should be done. (Comments are welcome!!)

So if you have trouble accessing certain places, link them into your namespace and try again.
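The rule above, written out as an added example (not Askemos code) to show why a WebDAV or SOAP client fails where a browser form succeeds. The function name, the set of methods treated as reads, the placeholder OID and the URL layout are all assumptions made for illustration.

```python
# Assumption: the page does not say which HTTP methods count as "read requests".
READ_METHODS = {"GET", "HEAD", "OPTIONS", "PROPFIND"}

def capabilities_active(method, oid, via_link_path, referer=None):
    """Return (active, reason) for one request, following the rule in the post.

    method        -- HTTP method of the request
    oid           -- OID of the place the request is addressed to
    via_link_path -- True if the request was sent along a link path,
                     False if it was sent directly to the OID
    referer       -- value of the HTTP "referer" header, or None if absent
    """
    if method.upper() in READ_METHODS:
        return True, "read request: no effect, all capabilities active"
    if via_link_path:
        return True, "write along a link path: capabilities active"
    if referer and oid in referer:
        return True, "direct write, referer contains the same OID"
    if not referer:
        return False, "direct write without referer header"
    return False, "direct write, referer names a different place"

# Constructed sample values, not real Askemos identifiers or hosts.
OID = "A0123456789abcdef0123456789abcdef"
HOST = "https://askemos.example"

def scenarios():
    """Typical clients and the outcome the rule gives each of them."""
    return {
        # A browser submitting a form served by the place itself sends a referer.
        "browser form POST, direct": capabilities_active(
            "POST", OID, False, f"{HOST}/{OID}/form"),
        # WebDAV and SOAP clients normally send no referer header at all.
        "WebDAV PUT, direct": capabilities_active("PUT", OID, False),
        "SOAP POST, direct": capabilities_active("POST", OID, False),
        # The workaround from the post: reach the place through a link path.
        "WebDAV PUT, via link path": capabilities_active("PUT", OID, True),
        # Reads are never restricted, so browsing over WebDAV still works.
        "WebDAV PROPFIND, direct": capabilities_active("PROPFIND", OID, False),
    }

if __name__ == "__main__":
    for name, (active, reason) in scenarios().items():
        print(f"{name:28} {'active' if active else 'INACTIVE':9} {reason}")
```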
