go-webdav
go-webdav copied to clipboard
Published
20 hours ago •
emersion
emersion
caldav: PROPFIND with allprop returns many properties which should not be returned
trafficstars
It appears that many properties which should not be returned according to RFC 4791 are returned in an allprop request.
These properties "SHOULD NOT" be returned according to RFC 4791:
supported-calendar-datasupported-calendar-component-setmax-resource-sizecalendar-description
I am not sure whether current-user-principal should be returned in allprop. But it seems it should not since https://datatracker.ietf.org/doc/html/rfc4918#section-14.2 states that only properties defined in RFC4918 should be returned.
Additionally the calendar-data "prop" should never be returned in a PROPFIND request; see https://datatracker.ietf.org/doc/html/rfc4791#section-9.6 which states:
Note: The CALDAV:calendar-data XML element is specified in requests
and responses inside the DAV:prop XML element as if it were a
WebDAV property. However, the CALDAV:calendar-data XML element is
not a WebDAV property and, as such, is not returned in PROPFIND
responses, nor used in PROPPATCH requests.
Here is what happens using a MWE of this library.
client sends PROPFIND with request body:
<?xml version="1.0" encoding="utf-8" ?>
<D:propfind xmlns:D="DAV:">
<D:allprop/>
</D:propfind>
server responds with:
<multistatus xmlns="DAV:">
<response xmlns="DAV:">
<href>/caldav/calendars/default/</href>
<propstat xmlns="DAV:">
<prop xmlns="DAV:">
<supported-calendar-data xmlns="urn:ietf:params:xml:ns:caldav">
<calendar-data xmlns="urn:ietf:params:xml:ns:caldav" content-type="text/calendar" version="2.0"/>
</supported-calendar-data>
<supported-calendar-component-set xmlns="urn:ietf:params:xml:ns:caldav">
<comp xmlns="urn:ietf:params:xml:ns:caldav" name="VEVENT"/>
<comp xmlns="urn:ietf:params:xml:ns:caldav" name="VTODO"/>
</supported-calendar-component-set>
<displayname xmlns="DAV:">default</displayname>
<max-resource-size xmlns="urn:ietf:params:xml:ns:caldav">1048576</max-resource-size>
<current-user-principal xmlns="DAV:">
<href>/caldav/</href>
</current-user-principal>
<resourcetype xmlns="DAV:">
<collection xmlns="DAV:"/>
<calendar xmlns="urn:ietf:params:xml:ns:caldav"/>
</resourcetype>
<calendar-description xmlns="urn:ietf:params:xml:ns:caldav">default description</calendar-description>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
<response xmlns="DAV:">
<href>/caldav/calendars/default/c12141ed-eb26-48d6-ac79-43a859e53012.ics</href>
<propstat xmlns="DAV:">
<prop xmlns="DAV:">
<current-user-principal xmlns="DAV:">
<href>/caldav/</href>
</current-user-principal>
<getcontenttype xmlns="DAV:">text/calendar</getcontenttype>
<calendar-data xmlns="urn:ietf:params:xml:ns:caldav">BEGIN:VCALENDAR
PRODID:DAVx5/4.4.5-ose ical4j/3.2.19 (org.fossify.calendar)
VERSION:2.0
BEGIN:VEVENT
DESCRIPTION:description
DTEND;TZID=Europe/Paris:20250113T160000
DTSTAMP:20250111T221820Z
DTSTART;TZID=Europe/Paris:20250113T150000
STATUS:CONFIRMED
SUMMARY:summary
UID:c12141ed-eb26-48d6-ac79-43a859e53012
BEGIN:VALARM
ACTION:DISPLAY
DESCRIPTION:alarm description
TRIGGER:-PT30M
END:VALARM
END:VEVENT
BEGIN:VTIMEZONE
TZID:Europe/Paris
BEGIN:STANDARD
DTSTART:19961027T030000
RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:19810329T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
END:VCALENDAR
</calendar-data>
<getetag xmlns="DAV:">"1819c3541e3431a5359"</getetag>
<resourcetype xmlns="DAV:"/>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
</multistatus>
