stokito · March 3, 2023 16:55 · stokito · Feb 17, 2023
diff --git a/99-disk.conf b/99-disk.conf
 server.modules += ( "mod_webdav", "mod_setenv" )
 $HTTP["url"] =~ "^/dav($|/)" {
  webdav.activate := "enable"
  server.document-root := "/srv/disk/"

  # skip basic auth check for OPTIONS method from CORS preflight request
  $HTTP["request-method"] != "OPTIONS" {
    auth.backend := "plain"
    auth.backend.plain.userfile := "/etc/lighttpd/webdav.shadow"
    auth.require := (
      # alice and bob have their own home directories but admin user can see them too
      "/dav/alice/"=>("method"=>"basic","realm"=>"disk","require"=>"user=alice|user=admin"),
      "/dav/bob/"=>("method"=>"basic","realm"=>"disk","require"=>"user=bob|user=admin"),
      "/dav/"=>("method"=>"basic","realm"=>"disk","require"=>"valid-user")
    )
    server.dir-listing := "enable"
    dir-listing.encoding := "utf-8"
  }

  # For CORS we ned to allow all origins
  setenv.add-response-header += (
    "Access-Control-Allow-Origin" => "*",
    "Access-Control-Allow-Credentials" => "true"
  )
  # For CORS OPTIONS requests we should say which methods are allowed
  $HTTP["request-method"] == "OPTIONS" {
    setenv.add-response-header += (
      "Access-Control-Allow-Methods" => "HEAD, GET, DELETE, PUT, PATCH, MOVE, MKCOL, COPY, LOCK, UNLOCK, PROPFIND, PROPPATCH, ORDERPATCH, OPTIONS",
      "Access-Control-Expose-Headers" => "Content-Range, Date, Etag, Last-Modified, Authorization, MS-Author-Via, DAV",
      "Access-Control-Allow-Headers" => "Content-Type, Accept, Accept-Encoding, Accept-Language, Range, Referer, Cache-Control, Authorization, Accept-Range, If-Modified-Since, Connection, TE, Depth, DNT, If-Match, Destination, Overwrite",
      "Access-Control-Max-Age" => "60",
      "Timing-Allow-Origin" => "*"
    )
  }
 }
	server.modules += ( "mod_webdav", "mod_setenv" )
	$HTTP["url"] =~ "^/dav($\|/)" {
	webdav.activate := "enable"
	server.document-root := "/srv/disk/"

	# skip basic auth check for OPTIONS method from CORS preflight request
	$HTTP["request-method"] != "OPTIONS" {
	auth.backend := "plain"
	auth.backend.plain.userfile := "/etc/lighttpd/webdav.shadow"
	auth.require := (
	# alice and bob have their own home directories but admin user can see them too
	"/dav/alice/"=>("method"=>"basic","realm"=>"disk","require"=>"user=alice\|user=admin"),
	"/dav/bob/"=>("method"=>"basic","realm"=>"disk","require"=>"user=bob\|user=admin"),
	"/dav/"=>("method"=>"basic","realm"=>"disk","require"=>"valid-user")
	)
	server.dir-listing := "enable"
	dir-listing.encoding := "utf-8"
	}

	# For CORS we ned to allow all origins
	setenv.add-response-header += (
	"Access-Control-Allow-Origin" => "*",
	"Access-Control-Allow-Credentials" => "true"
	)
	# For CORS OPTIONS requests we should say which methods are allowed
	$HTTP["request-method"] == "OPTIONS" {
	setenv.add-response-header += (
	"Access-Control-Allow-Methods" => "HEAD, GET, DELETE, PUT, PATCH, MOVE, MKCOL, COPY, LOCK, UNLOCK, PROPFIND, PROPPATCH, ORDERPATCH, OPTIONS",
	"Access-Control-Expose-Headers" => "Content-Range, Date, Etag, Last-Modified, Authorization, MS-Author-Via, DAV",
	"Access-Control-Allow-Headers" => "Content-Type, Accept, Accept-Encoding, Accept-Language, Range, Referer, Cache-Control, Authorization, Accept-Range, If-Modified-Since, Connection, TE, Depth, DNT, If-Match, Destination, Overwrite",
	"Access-Control-Max-Age" => "60",
	"Timing-Allow-Origin" => "*"
	)
	}
	}