Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

caldav: PROPFIND with allprop returns many properties which should not be returned #178

Open
barkyq opened this issue Jan 12, 2025 · 0 comments
Open

caldav: PROPFIND with allprop returns many properties which should not be returned #178

barkyq opened this issue Jan 12, 2025 · 0 comments

Comments

@barkyq
Copy link

barkyq commented Jan 12, 2025
edited
Loading

It appears that many properties which should not be returned according to RFC 4791 are returned in an allprop request.

These properties "SHOULD NOT" be returned according to RFC 4791:

  • supported-calendar-data
  • supported-calendar-component-set
  • max-resource-size
  • calendar-description

I am not sure whether current-user-principal should be returned in allprop. But it seems it should not since https://datatracker.ietf.org/doc/html/rfc4918#section-14.2 states that only properties defined in RFC4918 should be returned.

Additionally the calendar-data "prop" should never be returned in a PROPFIND request; see https://datatracker.ietf.org/doc/html/rfc4791#section-9.6 which states:

Note:  The CALDAV:calendar-data XML element is specified in requests
      and responses inside the DAV:prop XML element as if it were a
      WebDAV property.  However, the CALDAV:calendar-data XML element is
      not a WebDAV property and, as such, is not returned in PROPFIND
      responses, nor used in PROPPATCH requests.

Here is what happens using a MWE of this library.

client sends PROPFIND with request body:

<?xml version="1.0" encoding="utf-8" ?>
<D:propfind xmlns:D="DAV:">
  <D:allprop/>
</D:propfind>

server responds with:

<multistatus xmlns="DAV:">
  <response xmlns="DAV:">
    <href>/caldav/calendars/default/</href>
    <propstat xmlns="DAV:">
      <prop xmlns="DAV:">
        <supported-calendar-data xmlns="urn:ietf:params:xml:ns:caldav">
          <calendar-data xmlns="urn:ietf:params:xml:ns:caldav" content-type="text/calendar" version="2.0"/>
        </supported-calendar-data>
        <supported-calendar-component-set xmlns="urn:ietf:params:xml:ns:caldav">
          <comp xmlns="urn:ietf:params:xml:ns:caldav" name="VEVENT"/>
          <comp xmlns="urn:ietf:params:xml:ns:caldav" name="VTODO"/>
        </supported-calendar-component-set>
        <displayname xmlns="DAV:">default</displayname>
        <max-resource-size xmlns="urn:ietf:params:xml:ns:caldav">1048576</max-resource-size>
        <current-user-principal xmlns="DAV:">
          <href>/caldav/</href>
        </current-user-principal>
        <resourcetype xmlns="DAV:">
          <collection xmlns="DAV:"/>
          <calendar xmlns="urn:ietf:params:xml:ns:caldav"/>
        </resourcetype>
        <calendar-description xmlns="urn:ietf:params:xml:ns:caldav">default description</calendar-description>
      </prop>
      <status>HTTP/1.1 200 OK</status>
    </propstat>
  </response>
  <response xmlns="DAV:">
    <href>/caldav/calendars/default/c12141ed-eb26-48d6-ac79-43a859e53012.ics</href>
    <propstat xmlns="DAV:">
      <prop xmlns="DAV:">
        <current-user-principal xmlns="DAV:">
          <href>/caldav/</href>
        </current-user-principal>
        <getcontenttype xmlns="DAV:">text/calendar</getcontenttype>
        <calendar-data xmlns="urn:ietf:params:xml:ns:caldav">BEGIN:VCALENDAR&#13;
	PRODID:DAVx5/4.4.5-ose ical4j/3.2.19 (org.fossify.calendar)&#13;
	VERSION:2.0&#13;
	BEGIN:VEVENT&#13;
	DESCRIPTION:description
	DTEND;TZID=Europe/Paris:20250113T160000&#13;
	DTSTAMP:20250111T221820Z&#13;
	DTSTART;TZID=Europe/Paris:20250113T150000&#13;
	STATUS:CONFIRMED&#13;
	SUMMARY:summary&#13;
	UID:c12141ed-eb26-48d6-ac79-43a859e53012&#13;
	BEGIN:VALARM&#13;
	ACTION:DISPLAY&#13;
	DESCRIPTION:alarm description&#13;
	TRIGGER:-PT30M&#13;
	END:VALARM&#13;
	END:VEVENT&#13;
	BEGIN:VTIMEZONE&#13;
	TZID:Europe/Paris&#13;
	BEGIN:STANDARD&#13;
	DTSTART:19961027T030000&#13;
	RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU&#13;
	TZNAME:CET&#13;
	TZOFFSETFROM:+0200&#13;
	TZOFFSETTO:+0100&#13;
	END:STANDARD&#13;
	BEGIN:DAYLIGHT&#13;
	DTSTART:19810329T020000&#13;
	RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU&#13;
	TZNAME:CEST&#13;
	TZOFFSETFROM:+0100&#13;
	TZOFFSETTO:+0200&#13;
	END:DAYLIGHT&#13;
	END:VTIMEZONE&#13;
	END:VCALENDAR&#13;
	</calendar-data>
        <getetag xmlns="DAV:">"1819c3541e3431a5359"</getetag>
        <resourcetype xmlns="DAV:"/>
      </prop>
      <status>HTTP/1.1 200 OK</status>
    </propstat>
  </response>
</multistatus>
@barkyq barkyq changed the title PROPFIND with allprop returns many properties which should not be returned caldav: PROPFIND with allprop returns many properties which should not be returned Jan 12, 2025
@barkyq barkyq mentioned this issue Jan 13, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@barkyq