Summary | Unauthenticated access to public calendar subscription URL |
Queue | Kronolith |
Queue Version | 2.2 |
Type | Bug |
State | Duplicate |
Priority | 1. Low |
Owners | Horde Developers (at) |
Requester | it-horde (at) isoc (dot) org |
Created | 05/29/2008 (6244 days ago) |
Due | |
Updated | 11/09/2008 (6080 days ago) |
Assigned | 05/31/2008 (6242 days ago) |
Resolved | 11/09/2008 (6080 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | |
Patch | No |
State ⇒ Duplicate
New Attachment: attend.php
the attend.php to spit out the current status of all attendees so I
keep everyone informed. I have multiple external people with various
email and calendar apps, and I won't blame Kronolith for what is a
very messy business.
Keep up the good work.
Paul
Priority ⇒ 1. Low
Milestone ⇒
authentication or not at the moment. We don't even know in the
applications whether a resource doesn't exist at all, or is just
hidden because of missing permissions.
A solution might be to first try the API calls unauthenticated, and
request authentication if it fails. Not sure if this is possible with
the HTTP_WebDAV_Server infrastructure though.
Milestone ⇒ 2.2.1
Assigned to
The permission system works fine for the calendar Display URL.
However, accessing ANY of the ical Subscription URLs always causes a
"Horde WebDAV" prompt for authentication - even if the calendar (and
Kronolith) is set up with Guest READ and SHOW rights. It looks like
WebDAV is not accepting anonymous GETs.
Another issue also shows up:
- an anonymous user loads one of the calendar Display URLs
- calendars are listed according to permissions
- user clicks one of the 'i' info icons
- the popup info box is displayed, but shows only a Close button - the
calendar Subscription URL is not shown
I need to be able to allow users to create public calendars that can
be subscribed to without the need for any authentication.
Administration -> Permissions interface.
State ⇒ Not A Bug
Administration -> Permissions interface.
Priority ⇒ 2. Medium
State ⇒ Unconfirmed
Patch ⇒ No
Milestone ⇒
Queue ⇒ Kronolith
Summary ⇒ Unauthenticated access to public calendar subscription URL
Type ⇒ Bug
- Create a calendar
- Set calendar permission to SHOW and READ for GUEST
- Go to 'Manage Calendars'
- Calendar shows up for unauthenticated user when selecting 'Display URL'
- PROBLEM
- Subscribe to 'Subscription URL' with calendar client (tested with Sunbird)
- Client always prompts for username and password (no anonymous, guest
read access possible). Should allow read only access without
requesting authentication.
- Can also be reproduced by accessing subscription URL via browser