Our features site is undergoing a refresh! Be sure to explore the revamped site and discover our latest product roadmap launching here on Monday, March 18th.
New Topic
cPanel & WHM Feature RequestsTopicSecurity
Properties
Category Security
Tags caldav, calendar, caldavzap

Adding CORS header to calendar server

Mike shared this idea 5 years ago
Open Discussion

As a cPanel User, I would like the CORS header to be added to the cPanel CalDav so that users will be able to connect correctly to the CalDav server. CalDavZAP users cannot currently connect due to the missing header and the Javascript restriction.


==============


Hi.

I am a user of caldavzap, and caldavzap always have trouble connecting to the cPanel Caldav server due to the missing CORS header. I hope the additional http headers can be added to the cPanel caldav server.

Thanks. 


3.) Cross-domain setup problems and how to solve them (if you use cross-domain setup)
    - Why cross-domain setup is problematic?
      The client is written in JavaScript which has one major security limitation (it is hardcoded into browsers):
        If you want to use cross-domain setup and your server NOT returns proper HTTP CORS headers (see http://www.w3.org/TR/cors/) then JavaScript REFUSES to make requests to your server (more precisely: it performs one OPTIONS request /called preflight request/ to check HTTP headers returned by your server, and if no proper CORS headers are returned, then the real request is NOT performed!).
    - What to do to solve this problem?
      a.) Your server MUST return the following additional HTTP headers:
            Access-Control-Allow-Origin: *
            Access-Control-Allow-Methods: GET, POST, OPTIONS, PROPFIND, PROPPATCH, REPORT, PUT, MOVE, DELETE, LOCK, UNLOCK
            Access-Control-Allow-Headers: User-Agent, Authorization, Content-type, Depth, If-match, If-None-Match, Lock-Token, Timeout, Destination, Overwrite, Prefer, X-client, X-Requested-With
            Access-Control-Expose-Headers: Etag, Preference-Applied
      b.) If Access-Control-Request-Method header is sent by your browser (preflight request defined by CORS) then your server MUST return these headers for OPTIONS request WITHOUT requiring authorization and MUST return 200 (or 2xx) HTTP code (Success).
    - Howto add these headers to my CardDAV/CalDAV server?
      Check your server documentation or contact your server developer and ask for CORS or custom HTTP headers support.
    - Howto add these headers to my server if it has no support for CORS or custom HTTP headers?
      Configure custom headers in your web server /or proxy server/ configuration (if possible) - see misc/config_davical.txt for Apache example.

3 I like this idea 0  

Replies (1)

photo
1
Mike 5 years ago

Lets say I am installing example.com/caldavzap, connecting to the caldav on mail.example.com or example.com:xxxx, the caldavzap won't work unless the caldav sends the CORS header.

Reply
Leave a Comment
 
Attach a file

cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.