I have a problem that DAVdroid seems not to authenticate properly to the given URLs. I have my owncloud instance hosted on a webserver in a hidden directory on an unusal port. As this is a private cloud I hope to be able to minimize the problems with script kiddies and similar people. Everything is done with the apache TLS module in order to provide encryption.
Now, I realized the following behaviour:
DAVdroid connects to the server and tries to connect to /my-hidden-dir/remote.php/dav .
As an answer it gets a 401 Unauthorized answer with a Basic auth request.
In the next step it tries to connect (with proper Athorization header) to /.well-known/caldav and gets 404 not found.
Then it sleeps for a while and the game starts anew.
In order to work around that problem I configured /.well-known/caldav and /.well-known/carddav to return a proper 301 header – a step that contradicts the idea of a hidden service. But DAVdroid still authenticaties to the wrong half of the requests.
I would expect either that DAVdroid tries to connect with correct Authorization headers starting with the first attempts or that it tries a secound request with the same URI if it gets a 401 response. The latter one is probably more flexible and secure. At least this is the behaviour that I can observe when I use wget to imitate these requests. In contrast to DAVdroid, wget is able to connect to my owncloud instance.