Disable unauthenticated access

Authored by mollekopf on Sat, Jan 14, 11:25 PM.



The WWW-Authenticate header was not returned on an unauthenticated
propfind, but thunderbird relies on that.

I believe it's basically because in Sabre\DAVACL\Plugin::beforeMethod,
nodeExists is called, which ultimately attempts to list calendars in the
backend. This cannot work without some form of proxy authorization.

This likely broke in 28bbce1c30abada11d0e1d49094c120ff1e3084c of the
sabre dav repo (where this unauthenticated access was introduced and
enabled by default).

Diff Detail

rI iRony
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

mollekopf requested review of this revision.Sat, Jan 14, 11:25 PM
mollekopf created this revision.
This revision is now accepted and ready to land.Sun, Jan 15, 1:55 PM
Closed by commit rIb5fe5188e4a7: Disable unauthenticated access (authored by Christian Mollekopf <>). · Explain WhySun, Jan 15, 10:22 PM
This revision was automatically updated to reflect the committed changes.