cannot connect to SurfDrive nextcloud instance via WebDav url or public link #1058
Description
Describe the bug
I have not been able to get WebDav working on SurfDrive, which hosts a NextCloud instance.
This Nextcloud instance is hosted by my University and I have no influence on its settings.
I have been able to synchronize with Beorg on my iPhone.
To Reproduce
- create an app password in SurfDrive nextcloud instance
- store username, password, WebDav url https://surfdrive.surf.nl/remote.php/dav/files/[email protected]
- append the folder path to the url https://surfdrive.surf.nl/remote.php/dav/files/[email protected]/personal/org
- attempt to log in to https://organice.200ok.ch/ WebDav with these details
I have also tried:
- create a public share (with password) for a folder in SurfDrive
- setup sync with https://example.com/nextcloud/public.php/webdav
- copy the public url identifier and password
- attempt to log in to https://organice.200ok.ch/ WebDav with these credentials
The website throws the popup that says it failed to connect, then I can get the
full error log from firefox F12 console
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://surfdrive.surf.nl/remote.php/dav/files/[email protected]/personal/org/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 401.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://surfdrive.surf.nl/remote.php/dav/files/[email protected]/personal/org/. (Reason: CORS request did not succeed). Status code: (null).
Login didn't work, error: {"message":"Network Error","name":"Error","fileName":"https://organice.200ok.ch/public.b5017604.js","lineNumber":1,"columnNumber":819575,"stack":"e.exports@https://organice.200ok.ch/public.b5017604.js:1:819575\ne.exports/</d.onerror@https://organice.200ok.ch/public.b5017604.js:1:818279\n","config":{"url":"https://surfdrive.surf.nl/remote.php/dav/files/[email protected]/personal/org/","method":"propfind","headers":{"Accept":"text/plain","Depth":1,"Authorization":"Basic ToKeNReDaCtED=="},"transformRequest":[null],"transformResponse":[null],"timeout":0,"responseType":"text","xsrfCookieName":"XSRF-TOKEN","xsrfHeaderName":"X-XSRF-TOKEN","maxContentLength":-1}} [webdav_sync_backend_client.js:41:19](https://organice.200ok.ch/src/sync_backend_clients/webdav_sync_backend_client.js)
Feature Policy: Skipping unsupported feature name “accelerometer”. [react-dom.production.min.js:55:235](https://organice.200ok.ch/node_modules/react-dom/cjs/react-dom.production.min.js)
Feature Policy: Skipping unsupported feature name “autoplay”. [react-dom.production.min.js:55:235](https://organice.200ok.ch/node_modules/react-dom/cjs/react-dom.production.min.js)
Feature Policy: Skipping unsupported feature name “clipboard-write”. [react-dom.production.min.js:55:235](https://organice.200ok.ch/node_modules/react-dom/cjs/react-dom.production.min.js)
Feature Policy: Skipping unsupported feature name “encrypted-media”. [react-dom.production.min.js:55:235](https://organice.200ok.ch/node_modules/react-dom/cjs/react-dom.production.min.js)
Feature Policy: Skipping unsupported feature name “gyroscope”. [react-dom.production.min.js:55:235](https://organice.200ok.ch/node_modules/react-dom/cjs/react-dom.production.min.js)
Feature Policy: Skipping unsupported feature name “picture-in-picture”. [react-dom.production.min.js:55:235](https://organice.200ok.ch/node_modules/react-dom/cjs/react-dom.production.min.js)
Feature Policy: Skipping unsupported feature name “accelerometer”. [react-dom.production.min.js:205:490](https://organice.200ok.ch/node_modules/react-dom/cjs/react-dom.production.min.js)
Feature Policy: Skipping unsupported feature name “autoplay”. [react-dom.production.min.js:205:490](https://organice.200ok.ch/node_modules/react-dom/cjs/react-dom.production.min.js)
Feature Policy: Skipping unsupported feature name “clipboard-write”. [react-dom.production.min.js:205:490](https://organice.200ok.ch/node_modules/react-dom/cjs/react-dom.production.min.js)
Feature Policy: Skipping unsupported feature name “encrypted-media”. [react-dom.production.min.js:205:490](https://organice.200ok.ch/node_modules/react-dom/cjs/react-dom.production.min.js)
Feature Policy: Skipping unsupported feature name “gyroscope”. [react-dom.production.min.js:205:490](https://organice.200ok.ch/node_modules/react-dom/cjs/react-dom.production.min.js)
Feature Policy: Skipping unsupported feature name “picture-in-picture”. [react-dom.production.min.js:205:490](https://organice.200ok.ch/node_modules/react-dom/cjs/react-dom.production.min.js)
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://surfdrive.surf.nl/remote.php/dav/files/[email protected]/personal/org/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 401.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://surfdrive.surf.nl/remote.php/dav/files/[email protected]/personal/org/. (Reason: CORS request did not succeed). Status code: (null).
Cookie “__Secure-YEC” has been rejected because it is in a cross-site context and its “SameSite” is “Lax” or “Strict”. [aQKc0hcFXCk](https://www.youtube.com/embed/aQKc0hcFXCk)
Cookie warnings 2
Content-Security-Policy: Couldn’t process unknown directive ‘require-trusted-types-for’ [aQKc0hcFXCk](https://www.youtube.com/embed/aQKc0hcFXCk)
Cookie “_gh_sess” has been rejected because it is in a cross-site context and its “SameSite” is “Lax” or “Strict”. [dmorlitz.png](https://github.com/dmorlitz.png)
Cookie “_octo” has been rejected because it is in a cross-site context and its “SameSite” is “Lax” or “Strict”. [dmorlitz.png](https://github.com/dmorlitz.png)
Cookie “logged_in” has been rejected because it is in a cross-site context and its “SameSite” is “Lax” or “Strict”. [dmorlitz.png](https://github.com/dmorlitz.png)
Cookie “_gh_sess” has been rejected because it is in a cross-site context and its “SameSite” is “Lax” or “Strict”. [jcpst.png](https://github.com/jcpst.png)
Cookie “_octo” has been rejected because it is in a cross-site context and its “SameSite” is “Lax” or “Strict”. [jcpst.png](https://github.com/jcpst.png)
Cookie “logged_in” has been rejected because it is in a cross-site context and its “SameSite” is “Lax” or “Strict”. [jcpst.png](https://github.com/jcpst.png)
Cookie warnings 3
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://googleads.g.doubleclick.net/pagead/id. (Reason: CORS request did not succeed). Status code: (null).
The resource at “<URL>” was blocked because Enhanced Tracking Protection is enabled. 2
Partitioned cookie or storage access was provided to “<URL>” because it is loaded in the third-party context and dynamic state partitioning is enabled. 2
Expected behavior
Synchronize with WebDav, like it does in Beorg.
Is there any way to achieve this or is it simply the case that this server doesn't have the correct CORS settings and currently organice cannot communicate with it?
Screenshots
N/A
Desktop (please complete the following information):
- OS: Arch Linux
- Browser: Firefox
Smartphone (please complete the following information):
- Device: iPhone 8Plus
- OS: iOS 16.7.11
- Browser safari + Orion
Additional context
I've studied the FAQ:
https://organice.200ok.ch/documentation.html#faq_webdav
https://organice.200ok.ch/documentation.html#webdav_cors
https://organice.200ok.ch/documentation.html#webdav_gotchas
this public link sharing approach
fb81bd8
The Nextcloud manual
https://docs.nextcloud.com/server/16/user_manual/files/access_webdav.html#accessing-public-shares-over-webdav
and related issues
#77
Any help would be appreciated.