HTTP/2 requests to Davical with debug mode result in logged
Authorization header as the comparison is currently case sensitive
https://datatracker.ietf.org/doc/rfc9113/
> 8.2. HTTP Fields
> Field names MUST be converted to lowercase when constructing an HTTP/2
> message.
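An added example (not DAViCal's own code) of the case-insensitive match this commit message calls for: a debug-log helper that redacts credential headers whether the field name arrives as `Authorization` or, as under HTTP/2, `authorization`. The function name `redact_headers_for_log`, the header list and the sample requests are constructed for illustration, and it assumes request headers are available as a name => value array.

```php
<?php
// Added illustration; not DAViCal source. All names here are hypothetical.

// Header names whose values must never reach a debug log, stored lowercase.
const SENSITIVE_HEADERS = ['authorization', 'proxy-authorization'];

/**
 * Return a copy of $headers that is safe to write to a debug log.
 * Field names are compared case-insensitively, so HTTP/1.1 style
 * "Authorization" and HTTP/2 style "authorization" are both caught.
 */
function redact_headers_for_log(array $headers): array
{
    $safe = [];
    foreach ($headers as $name => $value) {
        if (in_array(strtolower((string) $name), SENSITIVE_HEADERS, true)) {
            // Keep the auth scheme (Basic, Bearer, ...) only when the value
            // has the "<scheme> <credentials>" shape; otherwise hide it all.
            $parts = explode(' ', trim((string) $value), 2);
            $safe[$name] = count($parts) === 2
                ? $parts[0] . ' [redacted]'
                : '[redacted]';
        } else {
            $safe[$name] = $value;
        }
    }
    return $safe;
}

// Constructed sample requests: same credentials, different field-name case.
$http1 = ['Host' => 'dav.example.org', 'Authorization' => 'Basic dXNlcjpwYXNz'];
$http2 = ['host' => 'dav.example.org', 'authorization' => 'Basic dXNlcjpwYXNz'];

foreach ([$http1, $http2] as $headers) {
    foreach (redact_headers_for_log($headers) as $name => $value) {
        echo "$name: $value\n";
    }
}
```

A comparison such as `$name == 'Authorization'` would redact only the first sample request and log the second one's credentials in full.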
This is intended to reduce the load on external authentication sources
as most (all?) CalDAV clients use HTTPBasicAuth to authenticate and
if an external source is used, every request we receive requires
external authentication. This can place a large load on those external
sources.
Closes #254.
We allow them when users set their passwords, and no doubt allowed
from LDAP and other external sources. We should allow them to be
entered. Closes #229.
Previously a stack trace would be returned as the call to dav_name failed,
for example:
Exception [0] Can't calculate dav_name for unknown username
At line 382 of /usr/share/davical/inc/Principal.php
================= Stack Trace ===================
/usr/share/davical/htdocs/freebusy.php[49] Principal->dav_name()
The second argument of param_to_global, if set, becomes the first
argument of a call to preg_match(). Unless it's the special value 'int',
it needs to have regex delimiters around it, like '/.*/'.
In this case, we're not interested in the value of the add-member
parameter, we only want to check for its existence, so skip validation.
This reverts commit 38788acc5cbec147d6a46a6254ef8eec0a270c71, which
causes the following tests to fail (not return any FREEBUSY):
tests/regression-suite/0832-freebusy.test
tests/regression-suite/0836-freebusy.test
tests/regression-suite/0837-freebusy.test
tests/regression-suite/0888-GET-freebusy.test
It seems to be the case that array indices in $_SERVER are always
uppercase. Sadly I could not find any documentation of this, but at
least with mod_php it is the case. Also, an extensive search on GitHub
projects seems to support this thesis.
On my installation the 'X-FORWARDED-PROTO' is uppercase even when
it's mixed case in the header provided by the reverse proxy.
Signed-off-by: Jan Losinski <losinski@wh2.tu-dresden.de>